I don't recommend PASETO either.

What do you recommend then? What technology has been designed, completed, then used for years without any updates or problems?

	▲	kasey_junk an hour ago \| parent \| next [-]
		Bearer tokens are a dead end? You have to validate them anyway so traditional auth is the fallback.
	▲	tptacek an hour ago \| parent \| prev [-]
		https://fly.io/blog/api-tokens-a-tedious-survey/ tl;dr: most of the time you should use opaque random strings.