0.0.11 • Published 1 year ago

dynamic-token v0.0.11

Weekly downloads
-
License
MIT
Repository
github
Last release
1 year ago

dynamic-token

To make a secure and sensitive API request with a dynamic token, you need to ensure that the request is originating from your app. This is necessary because many proxy browsers do not support cross-origin requests, and apps like Postman do not have an origin. To achieve this, you can use a dynamic token feature when the anyone accesses a sensitive feature like login ,signup or verfiyOTP etc.\ .

Note: A dynamic token is not a user authentication token like a JWT. Rather, it is an app/web/origin authentication token. For example, a JWT validates that a user is logged in, and a JWT token is reusable. However, a dynamic token validates that the request is originating from your app/web/origin and is not reusable. Each time a dynamic token is generated, it is unique and valid only for that specific request. The token cannot be used for any other requests.

Getting Started

npm install dynamic-token

Usage

Warning:Use the dynamic-token validation only for sensitive requests like login, signup, verifyByOTP, changePassword, deleteAccount, deleteSensitiveData, don't use it for like, dislike, chatting and other continuous cyclic API requests.

GENERATE TOKEN AND API CALLING IN FRONTEND 

import { generateToken } from "dynamic-token"
import axios from "axios"

const login = async( ) => {
  await axios.get(`${baseUrl}/test`, 
  { headers:{
     dt: generateToken(334444784884)  // Note that the secret code must only contain numbers,                                      
  })                                    // and its minimum and maximum lengths must be 9 and 12 digits respectively. 
}                                       // The code cannot contain the digit '0'

Note: To achieve better performance, consider using the generateToken function. There is no time difference between calling the API and using the generateToken function, as shown in the following example.

VALIDATE TOKEN IN SERVER SIDE

const { validateToken } = require("dynamic-token")
const express = require("express");
const router = express.Router();

router.get("/test", function (req, res, next) {
  const dynamicToken = req.headers.dt
  try{                                                // The second argument must be the secret code that matches the one used
     validateToken(dynamicToken, 334444784884, 50 )  // to generateToken in the frontend API call  against this endpoint. 
     // sucesss                                       // The third argument is timeout that value 50 means generateToken and 
     res.status(200).json({ hello: "world" })         // validateToken between time difference is more then 50ms is invalid request
  }catch (e) {                                        // Timeout minimum value is 50 and maximum value is 600 and 
      // fail                                         // default value is 200 so it is an optional parameter
      console.log(e)
      res.status(400).json({ message: "not authorized" })
  }
});

Note: always make sure to first call 'validateToken' to validate the dynamic token.

Note: I want to suggest you use different secret codes for each endpoint for security reasons, because if one secret code is accidentally exposed, the other end points are still secure..

real-time token generationtoken rotationone-time-use tokensOAuth tokensaccess tokensauthorization tokenssecure tokenstoken generationtoken management
@everything-registry/sub-chunk-1542
0.0.11

1 year ago

0.0.10

1 year ago

0.0.9

1 year ago

0.0.8

1 year ago

0.0.7

1 year ago

0.0.6

1 year ago

0.0.5

1 year ago

0.0.4

1 year ago

0.0.3

1 year ago

0.0.2

1 year ago

0.0.1

1 year ago

0.0.0

1 year ago