hashbasedtoken

Hash-Based Token, typically looks like the following.

uuuuu.vvvvv.xxxxx

• uuuuu is id (base64url)
• vvvvv is expires (base64url)
• xxxxx is signature (base64url)

A token based on an ID, such as a UUID Hash-Based Token (hashbasedtoken), has a length of 126 characters, whereas a JSON Web Token (jsonwebtoken) has a length of 187 characters.

Install

npm install hashbasedtoken

Quick Start

Get up and running with a single import.

Sign

import hbt from 'hashbasedtoken';

const token = await hbt.sign('token_id', 'super_secret_key', {
   algorithm: 'HS256'
   expiresIn: '5m',
});

options:

• algorithm (default: HS256)

Eg: "HS256", "HS384", "HS512", "RS256", "RS384","RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512". A hash algorithm, otherwise algorithm is used by default ("HS256" is equal to "HMAC using SHA-256 hash algorithm").

• expiresIn (default: 120)

Eg: 60, "2s", "5m", "10h", "2 days", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").

Verify

try {
  const isValid = await hbt.verify(token, 'super_secret_key');
  console.log(isValid);
} catch (err: any) {
  console.log(err);
}

Get token id

const tokenId = hbt.getTokenId(token);

Get token expires (Unix Timestamp in milliseconds)

const expires = hbt.getTokenExpires(token);

Check token expires (not verify)

const isExpire = hbt.isExpires(token);

Remark

However, it's essential to strike a balance between token length and security. While short tokens have their advantages, they should still provide a sufficient level of security for the specific application. Token security also depends on other factors, such as token complexity, encryption, and proper implementation.