0

I'm implementing my own CSRF tokens on an application and I want to know if there is a standard for generating the MD5 hash that I will be storing in my JWT.

This is what my code looks like currently.

 var token = auth.generateToken({
     name_id: claims.nameID,
     session_index: claims.sessionIndex,
     departments: JSON.parse(data[0].departments)
 })

I would really like to solve this without any npm modules because I'm building this for a lambda architecture and I don't want to store anything. I want it to be very minimalistic and completely stateless.

Thank you

Miguel Coder
  • 1,896
  • 19
  • 36
  • Do you want a random string? or to hash some data with md5? – Matt Mar 08 '18 at 01:53
  • I want a random string I guess, but all of the examples of CSRF tokens that I have seen look something like this. XXX-XXXXXX-XXX-XXX-XXXX – Miguel Coder Mar 08 '18 at 01:55
  • I want it to look like this https://stackoverflow.com/a/37169633/5231528 – Miguel Coder Mar 08 '18 at 02:02
  • 1
    That's a uuid.. most of it's covered for [node here](https://stackoverflow.com/a/27747377/1318694). – Matt Mar 08 '18 at 02:21
  • No problems. [`uuid-random`](https://github.com/jchook/uuid-random) is much faster at generating uuids and I've modified that into [`base62-random`](https://github.com/deployable/base62-random) if you need plain strings. In lambda you won't see the speedup though as they call `randomBytes` less frequently and pass out the cached random data. – Matt Mar 08 '18 at 02:37
  • Possible duplicate of [Generate random string/characters in JavaScript](https://stackoverflow.com/questions/1349404/generate-random-string-characters-in-javascript) – Matt Mar 08 '18 at 02:38

0 Answers0