The token payload should include, and the server should validate, these fields:
- Server's WireGuard public key, so a token bought for one server cannot be redeemed on another
- Token expiration date
- Time to be added to the WireGuard session
- payment_hash, used both to verify payment against the preimage and as the token identifier
While the L402 protocol has the right flow of information, its security token, a macaroon, is not a good fit for this use case. Macaroons are designed for attenuation: a holder can delegate the token to others with reduced permissions by appending caveats. That is not needed here, since the token should be a one-time redemption, so attenuation only adds complexity. Macaroons are also a less established concept than JWTs, with limited standardization and library support.
PASETO (Platform-Agnostic Security Tokens) is similar to a JWT but addresses some of its deficits: the token header names a fixed version and purpose (for example v4.public) instead of a negotiable alg field, so a verifier cannot be pushed to alg: none or to a weaker algorithm, and each version pins a single modern signature or encryption scheme.
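To make the token design concrete, here is an added example that is not part of this page or of any project it describes. It covers both the payload list above and the choice of PASETO: a v4.public-style token (fixed version and purpose in the header, base64url body, Ed25519 signature over PASETO's pre-authentication encoding) built from the Go standard library rather than a PASETO library, carrying the four fields, and the server-side redemption that checks each field and enforces one-time use. The JSON field names, the placeholder WireGuard key, the sample preimage and the fresh-per-run issuer key are assumptions made for the example; a real deployment would take payment_hash from the Lightning invoice and persist the spent set.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the token payload; the JSON field names are assumptions made for this example.
type Claims struct {
	ServerPubkey string `json:"server_pubkey"` // server's WireGuard public key (base64)
	Exp          int64  `json:"exp"`           // token expiration, Unix seconds
	SessionSecs  int64  `json:"session_secs"`  // time to add to the WireGuard session
	PaymentHash  string `json:"payment_hash"`  // hex sha256(preimage) from the invoice; also the token id
}

const header = "v4.public." // PASETO v4, public (signed) purpose; fixed by the format, never negotiated

// pae is PASETO's Pre-Authentication Encoding: LE64 piece count, then each piece LE64-length-prefixed.
func pae(pieces ...[]byte) []byte {
	out := binary.LittleEndian.AppendUint64(nil, uint64(len(pieces)))
	for _, p := range pieces {
		out = append(binary.LittleEndian.AppendUint64(out, uint64(len(p))), p...)
	}
	return out
}

var IssuerPub, IssuerPriv, _ = ed25519.GenerateKey(rand.Reader) // fresh per run for the example; a real issuer loads a stored key

// Issue signs the claims as a v4.public token with no footer and no implicit assertion.
func Issue(sk ed25519.PrivateKey, c Claims) string {
	m, _ := json.Marshal(c) // cannot fail: Claims holds only strings and integers
	sig := ed25519.Sign(sk, pae([]byte(header), m, nil, nil))
	return header + base64.RawURLEncoding.EncodeToString(append(m, sig...))
}

// Parse checks header and signature; nothing in the token is trusted until Verify succeeds.
func Parse(pk ed25519.PublicKey, token string) (c Claims, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(token, header))
	if !strings.HasPrefix(token, header) || err != nil || len(raw) < ed25519.SignatureSize {
		return c, errors.New("malformed token or wrong version/purpose")
	}
	m, sig := raw[:len(raw)-ed25519.SignatureSize], raw[len(raw)-ed25519.SignatureSize:]
	if !ed25519.Verify(pk, pae([]byte(header), m, nil, nil), sig) {
		return c, errors.New("bad signature")
	}
	err = json.Unmarshal(m, &c)
	return c, err
}

// PaymentHash is the hex SHA-256 of a Lightning preimage, i.e. the payment_hash carried by the invoice.
func PaymentHash(preimage []byte) string {
	h := sha256.Sum256(preimage)
	return hex.EncodeToString(h[:])
}

// Redeemer is the server side. Spent must be persisted in production, or a restart would allow replay.
type Redeemer struct {
	Issuer       ed25519.PublicKey // token issuer's verification key
	ServerPubkey string            // this server's WireGuard public key
	Spent        map[string]bool   // payment hashes already redeemed
}

// Redeem validates every field once; the one-time check runs last so a token is marked spent only after all other checks pass.
func (r *Redeemer) Redeem(token string, preimage []byte, now time.Time) (time.Duration, error) {
	c, err := Parse(r.Issuer, token)
	if err != nil {
		return 0, err
	}
	switch {
	case c.ServerPubkey != r.ServerPubkey:
		return 0, errors.New("token was issued for a different server")
	case !now.Before(time.Unix(c.Exp, 0)):
		return 0, errors.New("token expired")
	case PaymentHash(preimage) != c.PaymentHash:
		return 0, errors.New("preimage does not match payment_hash")
	case r.Spent[c.PaymentHash]:
		return 0, errors.New("token already redeemed")
	}
	r.Spent[c.PaymentHash] = true
	return time.Duration(c.SessionSecs) * time.Second, nil
}

func main() {
	preimage := []byte("constructed preimage, 32 bytes..") // constructed sample; real preimages are random
	tok := Issue(IssuerPriv, Claims{ServerPubkey: "placeholder-server-wg-pubkey=", Exp: time.Now().Add(time.Hour).Unix(), SessionSecs: 3600, PaymentHash: PaymentHash(preimage)})
	r := &Redeemer{Issuer: IssuerPub, ServerPubkey: "placeholder-server-wg-pubkey=", Spent: map[string]bool{}}
	fmt.Println(r.Redeem(tok, preimage, time.Now())) // 1h0m0s <nil>
	fmt.Println(r.Redeem(tok, preimage, time.Now())) // 0s token already redeemed
}
```

The token carries only payment_hash, never the preimage; the client presents the preimage at redemption and the server's own SHA-256 check is the proof of payment. Because the hash is recorded as spent only after the signature, server binding, expiry and preimage checks succeed, a failed attempt (wrong preimage, wrong server) does not burn a token the client paid for, while a second successful presentation is refused.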