Product
Introducing SSO
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
safetoken
Advanced tools
Readme
SafeToken is a simplest Auth for generating secure tokens suitable for authentication purposes.
We use it to create access tokens and refresh tokens that is verifirable and store encrypted data.
We can invalidate the tokens anytime by just calling resetToken.
SafeToken is easy for everyone.
The SafeToken
class provides methods for generating access and refresh tokens. Tokens are generated using crypto to enhance security. Token expiration is managed, and new tokens can be generated based on configured time intervals.
Refresh tokens can stored to disk with the rtStoreKey: fine-name option.
// in auth.js
import { SafeToken } from "safetoken";
const Auth = new SafeToken({
encryptionKey: "xfn9P8L9rIpKtWKj68IZ3G865WfdYXNY",
refreshTokenPath: "_token",
});
//create a new access token
const accesToken = Auth.newAccessToken(JSON.stringify({ name: "friday" }));
// Generate a refresh token
const refreshToken = Auth.newRefreshToken(JSON.stringify({ name: "friday" }));
const user_A = JSON.parse(Auth.verifyAccessToken(accesToken));
const user_R = JSON.parse(Auth.verifyRefreshToken(refreshToken));
console.log(user_A, user_R); // same thing
// revoke access tokens
Auth.resetAccessToken();
// revoke refresh tokens
Auth.resetRefreshToken();
Default timeouts are 3600000 seconds(access tokens) and 30 day(refresh tokens).
You can customize token expiration times during class instantiation. Adjust the TokenTime and RefreshDays parameters according to your application's requirements.
// Example of customizing token lifetimes
const Auth = new SecureToken({
TokenTime: 900, // Set access token lifetime to 15 minutes (in seconds)
RefreshDays: 7, // Set refresh token lifetime to 7 days
});
npm i safetoken
import { SafeToken } from "safetoken";
const assert = (cond) => {
if (!cond) throw new Error(`assertion failed`);
};
// auth
const Auth = new SafeToken({
encryptionKey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
});
// tokens
let accesToken = Auth.newAccessToken(JSON.stringify({ name: "friday" }));
let refreshToken = Auth.newRefreshToken(JSON.stringify({ name: "friday" }));
// assertions
assert(JSON.parse(Auth.verifyAccessToken(accesToken)).name === "friday");
assert(JSON.parse(Auth.verifyRefreshToken(refreshToken)).name === "friday");
console.log({
accesToken,
refreshToken,
accesTokenD: JSON.parse(Auth.verifyAccessToken(accesToken)),
refreshTokenD: JSON.parse(Auth.verifyRefreshToken(refreshToken)),
});
This library provides a simple and secure way to manage authetication tokens with built-in encryption for added security.
If you find any issues or have suggestions for improvements, feel free to contribute by opening an issue or submitting a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
Feel free to adjust the information based on your project's specific considerations and security requirements.
cryptos -
FAQs
SafeToken - Generate/Validate secured tokens for authentication seamlessly
The npm package safetoken receives a total of 2 weekly downloads. As such, safetoken popularity was classified as not popular.
We found that safetoken demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.