Hey, I actually wrote the Paseto library for Elixir, so I’ll explain my reasoning behind it:
1.) Much saner defaults than JOSE (specifically the algorithm issue). We’re removing the decision making process behind chosen crypto by enforcing sane defaults
2.) Preferring JWT/Paseto enables language agnostic backends (beyond just a happy path of Ruby -> Phoenix), rather than relying only on semi-exclusive formats.
Finally, it’s really easy to get small JWTs/Pasetos if you only keep sane information in the token: bitmasks for auth flags, don’t stick the entire user model in the JWT, &c.
I wouldn’t use a Paseto unless I were working in a microservice architecture; I’d default to normal sessions.
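To make the "bitmask for auth flags, not the whole user model" point concrete, here is an added illustration (not the Elixir Paseto library's code, and not Paseto's own wire format). It keeps a token's claims to a subject, an expiry and one integer of permission bits, checks a permission by masking, and shows how much larger the same token becomes when a user record is embedded. The envelope is a plain HMAC-SHA256 over a base64url payload, chosen only so the script runs with the standard library; the key, user record and timestamps are constructed sample values. A real deployment would hand the claims to a Paseto implementation and let it fix the algorithm.

```python
"""Compact token claims with bitmask auth flags (added illustration).

The envelope below is HMAC-SHA256 over a base64url JSON payload so the
script runs offline; it stands in for a Paseto token, it is not one.
"""
import base64
import hashlib
import hmac
import json
import time
from enum import IntFlag
from typing import Optional

# Constructed demo key: a real service loads this from a secret store.
KEY = b"constructed-demo-key-do-not-reuse"


class AuthFlags(IntFlag):
    """One bit per permission; the whole set fits in a small integer claim."""
    READ = 1 << 0
    WRITE = 1 << 1
    ADMIN = 1 << 2
    BILLING = 1 << 3


# Constructed "entire user model", the thing the comment says to leave out.
BLOATED_USER = {
    "id": "u-1234",
    "email": "reader@example.test",
    "display_name": "Example Reader",
    "roles": ["reader", "writer"],
    "address": {"street": "1 Example Way", "city": "Nowhere", "zip": "00000"},
    "preferences": {"theme": "dark", "locale": "en-US", "newsletter": False},
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(claims: dict) -> str:
    """payload.tag, both base64url; tag authenticates the payload bytes."""
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    tag = hmac.new(KEY, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64url(tag)}"


def issue(sub: str, flags: AuthFlags, ttl: int = 900, now: Optional[int] = None) -> str:
    """Minimal claims: subject, permission bits, expiry."""
    now = int(time.time() if now is None else now)
    return _sign({"sub": sub, "f": int(flags), "exp": now + ttl})


def issue_bloated(sub: str, user: dict, ttl: int = 900, now: Optional[int] = None) -> str:
    """Same envelope, but with the user record embedded (the anti-pattern)."""
    now = int(time.time() if now is None else now)
    return _sign({"sub": sub, "user": user, "exp": now + ttl})


def verify(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return claims if the tag matches and the token is unexpired, else None."""
    try:
        payload, tag = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(KEY, payload.encode(), hashlib.sha256).digest()
    # Tag is checked before the payload is parsed; constant-time compare.
    if not hmac.compare_digest(expected, _unb64url(tag)):
        return None
    claims = json.loads(_unb64url(payload))
    now = int(time.time() if now is None else now)
    if claims.get("exp", 0) <= now:
        return None
    return claims


def has_flag(claims: dict, flag: AuthFlags) -> bool:
    """Permission check is a single mask on the integer claim."""
    return (AuthFlags(claims["f"]) & flag) == flag


def compare_sizes(now: Optional[int] = None) -> tuple:
    """(bytes of compact token, bytes of token carrying the user model)."""
    compact = issue("u-1234", AuthFlags.READ | AuthFlags.WRITE, now=now)
    bloated = issue_bloated("u-1234", BLOATED_USER, now=now)
    return len(compact), len(bloated)


if __name__ == "__main__":
    tok = issue("u-1234", AuthFlags.READ | AuthFlags.WRITE)
    claims = verify(tok)
    print("write allowed:", has_flag(claims, AuthFlags.WRITE))
    print("admin allowed:", has_flag(claims, AuthFlags.ADMIN))
    print("compact vs bloated bytes:", compare_sizes())
```

The permission bits travel as one integer, so adding a flag never changes the token's shape, and authorisation on the receiving service is a mask rather than a lookup into a serialised user object. The expiry check runs only after the tag verifies, so a forged or altered payload is rejected before it is parsed.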