
dynamic-token

v0.0.11


Downloads

35

Readme

dynamic-token

To make a secure and sensitive API request with a dynamic token, you need to ensure that the request is originating from your app. This is necessary because many proxy browsers do not support cross-origin requests, and apps like Postman do not have an origin. To achieve this, you can use the dynamic token feature whenever anyone accesses a sensitive feature such as login, signup or verifyOTP.

Note: A dynamic token is not a user authentication token like a JWT. Rather, it is an app/web/origin authentication token. For example, a JWT validates that a user is logged in, and a JWT token is reusable. However, a dynamic token validates that the request is originating from your app/web/origin and is not reusable. Each time a dynamic token is generated, it is unique and valid only for that specific request. The token cannot be used for any other requests.

Getting Started

npm install dynamic-token

Usage

Warning: Use dynamic-token validation only for sensitive requests such as login, signup, verifyByOTP, changePassword, deleteAccount and deleteSensitiveData. Don't use it for likes, dislikes, chat or other continuous, repeated API requests.

GENERATE TOKEN AND API CALLING IN FRONTEND

import { generateToken } from "dynamic-token"
import axios from "axios"

// Placeholder: replace with the base URL of your API.
const baseUrl = "https://api.example.com"

// The secret code must contain only digits, must be between 9 and 12 digits
// long, and cannot contain the digit '0'.
const login = async () => {
  await axios.get(`${baseUrl}/test`, {
    headers: {
      dt: generateToken(334444784884), // generated inline with the request
    },
  })
}

Note: To achieve better performance, call the generateToken function inline in the API request, as in the example above, so that there is no time difference between generating the token and calling the API.

VALIDATE TOKEN IN SERVER SIDE

const { validateToken } = require("dynamic-token")
const express = require("express");
const router = express.Router();

router.get("/test", function (req, res, next) {
  const dynamicToken = req.headers.dt
  try {
    // The second argument must be the secret code that matches the one passed
    // to generateToken in the frontend API call against this endpoint.
    // The third argument is the timeout: with a value of 50, a request is
    // invalid if more than 50 ms pass between generateToken and validateToken.
    // The timeout is optional: minimum 50, maximum 600, default 200.
    validateToken(dynamicToken, 334444784884, 50)
    // success
    res.status(200).json({ hello: "world" })
  } catch (e) {
    // fail
    console.log(e)
    res.status(400).json({ message: "not authorized" })
  }
});

Note: Always call 'validateToken' first to validate the dynamic token.

Note: I suggest using a different secret code for each endpoint for security reasons: if one secret code is accidentally exposed, the other endpoints are still secure.
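
The properties described above (a token that is unique per request, rejected outside the timeout window, and tied to a per-endpoint secret) can be seen in this added example, which is not dynamic-token's own code or algorithm: it swaps in an HMAC-SHA256 over endpoint, timestamp and nonce. The names issueToken and checkToken and the secret values are constructed for illustration.

```javascript
// Added example: NOT dynamic-token's algorithm. HMAC-SHA256 is swapped in here.
const crypto = require("node:crypto");

// Constructed per-endpoint secrets (hypothetical values).
const SECRETS = new Map([
  ["/login", "constructed-secret-for-login"],
  ["/signup", "constructed-secret-for-signup"],
]);
const seenNonces = new Map(); // nonce -> time after which it can be forgotten

function tag(secret, endpoint, ts, nonce) {
  return crypto.createHmac("sha256", secret)
    .update(`${endpoint}|${ts}|${nonce}`).digest("hex");
}

// Client side: bind the token to one endpoint, a timestamp and a random nonce.
function issueToken(endpoint, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("hex");
  return `${now}.${nonce}.${tag(SECRETS.get(endpoint), endpoint, now, nonce)}`;
}

// Server side: returns "ok" or the reason the token was rejected.
function checkToken(token, endpoint, timeoutMs = 200, now = Date.now()) {
  if (timeoutMs < 50 || timeoutMs > 600) throw new RangeError("timeout: 50..600 ms");
  const parts = String(token).split(".");
  if (parts.length !== 3) return "malformed";
  const [tsText, nonce, given] = parts;
  const ts = Number(tsText);
  const secret = SECRETS.get(endpoint);
  if (!Number.isSafeInteger(ts) || !secret) return "malformed";
  // Constant-time comparison so the check does not leak how many bytes matched.
  const want = Buffer.from(tag(secret, endpoint, ts, nonce));
  const got = Buffer.from(given);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return "bad-mac";
  // Freshness: reject tokens outside the timeout window.
  if (Math.abs(now - ts) > timeoutMs) return "expired";
  // Single use: drop stale nonces, then refuse one already seen.
  for (const [n, until] of seenNonces) if (until < now) seenNonces.delete(n);
  if (seenNonces.has(nonce)) return "replayed";
  seenNonces.set(nonce, ts + timeoutMs);
  return "ok";
}
```

A secret shipped in frontend code can be read by anyone who loads the app, so a check like this limits casual replay rather than proving which client sent the request. The in-memory nonce map also only works for a single server process; several instances would need a shared store.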