Hi, everyone. I'm Brian DeMers from Okta. And in this video, I'm going to give you a quick overview of PASETO and then jump into how to create and parse PASETO tokens in Java. Let's get started.

First up, what is PASETO? So PASETO is platform agnostic security tokens. So when I say PASETO tokens, it's kind of like me saying PIN number. I'm sorry, I'm going to keep doing it. But you can find more about the spec at paseto.io. But in a nutshell, a PASETO token is just a way to encode JSON data and transfer it securely between two parties. So if this sounds a lot like JWTs, you're right on the money. It's very similar. The format is different so much so that the tagline for paseto.io is everything you love about JOSE without any of the main design defects that plague the JOSE standards.

So to give you a quick overview of the format, a PASETO token is broken up into basically three or four main parts. You have the version, the purpose, the payload, and an optional footer at the end. So if you look at this bottom option, you can see I have a v1, so version one, public token, and then there's some Base64 encoded data associated with that.

And I like to think about the purpose first. There are two purpose options. So one is local. So those are encrypted tokens. So you can only view them locally if you have a secret key. And public, these are tokens that are transferred in the clear but have a cryptographic signature associated with them so you can verify the contents.

First bit was the version and this allows the format to change over time based on our cryptographic needs. So currently there are two versions. v1 is more of a compatibility mode. This is used for systems that don't have the latest cryptographic primitives. And v2 is a recommended option. The strongest crypto, but not all crypto libraries currently support what is needed. But library support is getting better all the time.

I've been working on a PASETO library for Java named JPaseto.
This project is a direct port of JJWT, which is an excellent library for parsing and creating JWTs. So if you need to parse those, I'd strongly recommend that library.

So I'm going to build an example. I'm going to create a token and I'm going to parse the token. So I'm going to create an encrypted one. So we're going to need a secret key. So we'll call it secretKey. And PASETO provides a Keys utility for you to generate random keys. Now if you are using your own application, you'd obviously want to persist this key somehow so you could use it on each end that's transferring the token. Maybe pull it out of a configuration somehow. But for examples and unit tests, generating a key is fine. So I just need to make sure I use the same key when I encrypt and decrypt the token.

Next, I'm going to create an Instant to represent the current time called now. And then I'm going to start building my token. So we'll say Pasetos. And I'm going to use the v2 local token again for encryption. And I'm going to say builder. So this will create a builder which has a nice fluent API. So I'm going to first set the secret key. So the shared secret is the secret key that I have. And then I'm going to set the issued at time to now. And then expiration to an hour from now.

And as you might have guessed, this PASETO spec has registered claims much like JWT claims. So issued at, expiration, not before, audience, issuer, and various other ones. So I'm also going to set an audience to this video. And I'm going to set a custom claim called 1d20. And we'll assign a random value to that. So between 1 and 20, so new Random().nextInt(20) + 1 will give us a value. And then I'm going to call compact to take this token that I'm building and compress it into a string, we'll call the string token.

So now I'm going to log the token to prove that it works. And then let's run this little example. There we go. So as you can see, this created a v2 local token.
And this Base64 encoded data is actually the encrypted bits turned into a string.

Now that we have a token, let's parse the token. So we'll take this string and we'll parse it. So we'll create a parser. So again, Pasetos.parserBuilder(). So this will create an instance of a parser that we can then use multiple times. In my example, obviously, I'm only going to use it once. But if you were building a web app, you could use the same instance over and over again. So Pasetos builder. And I need to set the same shared secret to the secret key. And then let's say build. So this will create a Paseto parser, we'll call it parser. That's all there is to it.

Now to use the token, we'd say parser.parse, passing the string version of the token, and we get back a Paseto, which we will call result. Now we can print the claims. So the claims again are just attributes, the JSON attributes. So we can say log claims, result.getClaims(). This will print basically the map version of the claims. There we go. So we see we have a couple of claims.

But if you wanted to access a single claim, you could access the audience claim, the named method. So we'll say result.getClaims().getAudience(), just the same as we set it above. And getting our custom claims works. It's similar, we could say 1d20 is result.getClaims().get. So we can either use get and get an object back, or we can say the claim name, which is 1d20. And we say we want an integer, whoops, Integer. And this will return the integer value. So we run this again. You see the audience is this video. And we rolled an eight.

You can also push the validation of claims into the parser itself. So we go back to the parser, we can say require, oops, requireAudience. And we can ensure that the audience is this video. We run this, of course this will pass because we can see the video is set right here. But if we change this to other video, this will fail with an exception.
There we go, expected audience claim to be other video but was this video. So we'll fix that again.

We can also do this for custom claims, we say require 1d20 is a value of 20. So this isn't likely to happen, obviously. But you can also do a custom predicate here. So value, and the value of a parsed integer, or sorry, parsed number, will be a Long by default. So we say value is greater than 10. So we have a 50/50 shot here. And if we run this again, we'll see that it failed. So we rolled a three. We run this again, we passed, we rolled an 11 this time.

That's it for this video. Definitely check out the JPaseto project on GitHub, the link will be in the description below. If you enjoyed this video, make sure you hit the like button and the subscribe button. We have videos coming out weekly and you don't want to miss the next one. Thank you.
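
The build, parse and `requireAudience` steps walked through in the video, written out as an added example; this is not the code shown on screen. It assumes JPaseto (`dev.paseto.jpaseto`) with its implementation, JSON and v2 crypto modules on the classpath, and the class name `PasetoExample` is made up for illustration.

```java
import dev.paseto.jpaseto.Paseto;
import dev.paseto.jpaseto.PasetoException;
import dev.paseto.jpaseto.PasetoParser;
import dev.paseto.jpaseto.Pasetos;
import dev.paseto.jpaseto.lang.Keys;

import javax.crypto.SecretKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Random;

public class PasetoExample { // hypothetical class name
    public static void main(String[] args) {
        // A random key is fine for a demo; a real service loads a persisted
        // key from configuration so both ends share the same secret.
        SecretKey secretKey = Keys.secretKey();
        Instant now = Instant.now();

        // v2.local: the claims are encrypted with the shared secret.
        String token = Pasetos.V2.LOCAL.builder()
                .setSharedSecret(secretKey)
                .setIssuedAt(now)
                .setExpiration(now.plus(1, ChronoUnit.HOURS))
                .setAudience("this video")
                .claim("1d20", new Random().nextInt(20) + 1)
                .compact();
        System.out.println("token: " + token);

        // The parser is reusable; claim requirements are enforced on every parse.
        PasetoParser parser = Pasetos.parserBuilder()
                .setSharedSecret(secretKey)
                .requireAudience("this video")
                .build();
        Paseto result = parser.parse(token);
        System.out.println("audience: " + result.getClaims().getAudience());
        System.out.println("1d20: " + result.getClaims().get("1d20", Integer.class));

        // Same token, different expected audience: parse() must throw.
        PasetoParser otherAudience = Pasetos.parserBuilder()
                .setSharedSecret(secretKey)
                .requireAudience("other video")
                .build();
        try {
            otherAudience.parse(token);
            System.out.println("unexpected: token accepted");
        } catch (PasetoException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```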