hashbasedtoken v0.2.2
hashbasedtoken
Hash-Based Token, typically looks like the following.
uuuuu.vvvvv.xxxxxuuuuuisid(base64url)vvvvvisexpires(base64url)xxxxxissignature(base64url)
A token based on an ID, such as a UUID Hash-Based Token (hashbasedtoken), has a length of 126 characters, whereas a JSON Web Token (jsonwebtoken) has a length of 187 characters.
Install
npm install hashbasedtokenQuick Start
Get up and running with a single import.
Sign
import hbt from 'hashbasedtoken';
const token = await hbt.sign('token_id', 'super_secret_key', {
algorithm: 'HS256'
expiresIn: '5m',
});options:
- algorithm (default: HS256)
Eg:
"HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512". A hash algorithm, otherwise algorithm is used by default ("HS256"is equal to"HMAC using SHA-256 hash algorithm").
- expiresIn (default: 120)
Eg:
60,"2s","5m","10h","2 days","7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120"is equal to"120ms").
Verify
try {
const isValid = await hbt.verify(token, 'super_secret_key');
console.log(isValid);
} catch (err: any) {
console.log(err);
}Get token id
const tokenId = hbt.getTokenId(token);Get token expires (Unix Timestamp in milliseconds)
const expires = hbt.getTokenExpires(token);Check token expires (not verify)
const isExpire = hbt.isExpires(token);Remark
However, it's essential to strike a balance between token length and security. While short tokens have their advantages, they should still provide a sufficient level of security for the specific application. Token security also depends on other factors, such as token complexity, encryption, and proper implementation.