Skip to main content
Version: 3.x


Random Tokens

In many situations, we need to generate tokens and then verify them. If your tokens are tied to a state (for example, a user ID), you should refer to the sessions tokens page. If not, the token generators below may be useful.

Unsigned Tokens

The generateToken function generates a cryptographically secure random token encoded in base64url (128 bits).

import { generateToken } from '@foal/core';

const token = await generateToken();

Signed Tokens

You can also generate a token using a secret. The secret is used to sign the token to provide extra security. It must be encoded in base64. You can generate one with the following command:

foal createsecret

Generate a signed token

import { generateSignedToken } from '@foal/core';

const token = await generateSignedToken(secret);

Verify and read a signed token

import { verifySignedToken } from '@foal/core';

const signedTokenToVerify = 'xxx.yyy';
const result = await verifySignedToken(signedTokenToVerify, secret);
if (result === false) {
console.log('incorrect signature');
} else {
console.log('The token is ', result);

String Encoding

Base64 to Base64URL

This function converts a base64-encoded string into a base64URL-encoded string.

It replaces the characters + and / with - and _ and omits the = sign.

import { convertBase64ToBase64url } from '@foal/core';

const foo = convertBase64ToBase64url('bar');

Base64URL to Base64

This function converts a base64URL-encoded string into a base64-encoded string.

It replaces the characters - and _ with + and / and adds the = padding character(s) if any.

import { convertBase64urlToBase64 } from '@foal/core';

const foo = convertBase64urlToBase64('bar');

Buffers & Streams

Stream to Buffer

This function converts a stream of buffers into a concatenated buffer. It returns a promise.

If the stream emits an error, the promise is rejected with the emitted error.

import { streamToBuffer } from '@foal/core';

const buffer = await streamToBuffer(stream);