Generate Tokens
In many situations, we need to generate tokens and then verify them (for example in the flow of a password reset). This document shows how to do so with FoalTS.
Unsigned Tokens (simple case)
The generateToken function generates a cryptographically secure random token encoded in base64url (128 bits).
import { generateToken } from '@foal/core';
const token = await generateToken();
Signed Tokens
You can also generate a token using a secret. The secret is used to sign the token to provide extra security. It must be encoded in base64. You can generate one with the following command:
foal createsecret
Generate a signed token
import { generateSignedToken } from '@foal/core';
const token = await generateSignedToken(secret);
Verify and read a signed token
import { verifySignedToken } from '@foal/core';
const signedTokenToVerify = 'xxx.yyy';
const result = await verifySignedToken(signedTokenToVerify, secret);
if (result === false) {
  console.log('incorrect signature');
} else {
  console.log('The token is ', result);
}
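To make the 'xxx.yyy' shape and the token-or-false result concrete, here is an added, self-contained sketch using Node's crypto module. It is not the @foal/core source: the use of HMAC-SHA256, the base64url signature encoding, and the names sign, makeSignedToken, checkSignedToken and SAMPLE_SECRET are assumptions made for illustration.

```javascript
// Added illustration, NOT the @foal/core implementation.
// Assumptions: HMAC-SHA256 as the signing primitive, base64url signature,
// and all helper names below (hypothetical).
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

// Constructed sample secret (base64-encoded, 256 bits). In an application,
// the secret comes from configuration, never from source code.
const SAMPLE_SECRET = randomBytes(32).toString('base64');

// Computes the signature part ("yyy") over the unsigned token ("xxx").
function sign(unsignedToken, secretBase64) {
  return createHmac('sha256', Buffer.from(secretBase64, 'base64'))
    .update(unsignedToken)
    .digest('base64url');
}

// Builds "<128-bit random token>.<signature>".
function makeSignedToken(secretBase64) {
  const unsigned = randomBytes(16).toString('base64url'); // 16 bytes = 128 bits
  return `${unsigned}.${sign(unsigned, secretBase64)}`;
}

// Returns the unsigned token when the signature matches, false otherwise.
function checkSignedToken(signedToken, secretBase64) {
  if (typeof signedToken !== 'string') return false;
  const parts = signedToken.split('.');
  if (parts.length !== 2 || parts[0] === '' || parts[1] === '') return false;
  const [unsigned, signature] = parts;
  const expected = Buffer.from(sign(unsigned, secretBase64));
  const received = Buffer.from(signature);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (expected.length !== received.length) return false;
  // Constant-time comparison avoids leaking how many bytes matched.
  return timingSafeEqual(expected, received) ? unsigned : false;
}

const demo = makeSignedToken(SAMPLE_SECRET);
console.log('valid     :', checkSignedToken(demo, SAMPLE_SECRET));
console.log('tampered  :', checkSignedToken('A' + demo, SAMPLE_SECRET));
console.log('malformed :', checkSignedToken('xxx.yyy', SAMPLE_SECRET));
```

A valid signature only shows that the token was issued by a holder of the secret; the token itself is random, so associating it with a user or an expiry remains the application's job.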