hashbasedtoken
v0.2.2
Hash-Based Token
A Hash-Based Token typically looks like the following.
uuuuu.vvvvv.xxxxx
- uuuuu is id (base64url)
- vvvvv is expires (base64url)
- xxxxx is signature (base64url)
For a token based on an ID such as a UUID, a Hash-Based Token (hashbasedtoken) has a length of 126 characters, whereas a JSON Web Token (jsonwebtoken) has a length of 187 characters.
Install
npm install hashbasedtoken
Quick Start
Get up and running with a single import.
Sign
import hbt from 'hashbasedtoken';
const token = await hbt.sign('token_id', 'super_secret_key', {
  algorithm: 'HS256',
  expiresIn: '5m',
});
options:
- algorithm (default: HS256)
  Eg: "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512". The algorithm used to sign the token. If none is given, "HS256" is used by default ("HS256" is equal to "HMAC using SHA-256 hash algorithm").
- expiresIn (default: 120)
  Eg: 60, "2s", "5m", "10h", "2 days", "7d". A numeric value is interpreted as a seconds count. If you use a string, be sure to provide the time units (days, hours, etc.), otherwise milliseconds are used by default ("120" is equal to "120ms").
Verify
try {
  const isValid = await hbt.verify(token, 'super_secret_key');
  console.log(isValid);
} catch (err: any) {
  console.log(err);
}
Get token id
const tokenId = hbt.getTokenId(token);
Get token expiry (Unix timestamp in milliseconds)
const expires = hbt.getTokenExpires(token);
Check token expiry (does not verify the token)
const isExpire = hbt.isExpires(token);
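The id.expires.signature layout, and why fields read without verification must not be trusted, shown as an added example that is not the package's own code. It assumes the signature is HMAC-SHA256 over "id.expires" (the README does not say what is signed); signToken and verifyToken are hypothetical helper names and all sample values are constructed.

```javascript
// Added illustration of the id.expires.signature layout; NOT the hashbasedtoken source.
// Assumption: the signature is HMAC-SHA256 over "<id>.<expires>" (both base64url).
const crypto = require('crypto');

const b64u = (s) => Buffer.from(String(s)).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Hypothetical helper: build a token that expires ttlMs after `now`.
function signToken(id, secret, ttlMs, now = Date.now()) {
  const body = `${b64u(id)}.${b64u(now + ttlMs)}`;
  return `${body}.${mac(body, secret)}`;
}

// Hypothetical helper: returns { ok, reason, id }. The signature is checked
// before any field is trusted; expiry is evaluated only after that.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    return { ok: false, reason: 'malformed' };
  }
  const [id, exp, sig] = parts;
  const expected = Buffer.from(mac(`${id}.${exp}`, secret));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const expires = Number(Buffer.from(exp, 'base64url').toString());
  if (!Number.isSafeInteger(expires) || expires <= now) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, id: Buffer.from(id, 'base64url').toString() };
}

// Constructed sample values.
const T0 = 1700000000000;
const sample = signToken('token_id', 'super_secret_key', 5 * 60 * 1000, T0);
// Tampered copy: expiry pushed one year out, original signature kept.
const [idPart, , sigPart] = sample.split('.');
const tampered = `${idPart}.${b64u(T0 + 365 * 24 * 3600 * 1000)}.${sigPart}`;

console.log(verifyToken(sample, 'super_secret_key', T0 + 1000));
console.log(verifyToken(tampered, 'super_secret_key', T0 + 1000));
console.log(verifyToken(sample, 'super_secret_key', T0 + 301000));
```

The tampered token still decodes to a plausible id and a future expiry, which is why values read without a signature check should only be acted on after verification succeeds.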
Remark
It's essential to strike a balance between token length and security. While short tokens have their advantages, they should still provide a sufficient level of security for the specific application. Token security also depends on other factors, such as token complexity, encryption, and proper implementation.