Skip to content

cyyynthia/tokenize

mistress
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Tokenize

ko-fi
License

A universal token format for authentication. Designed to be secure, flexible, and usable anywhere.

Implementation

This repository contains the reference Tokenize implementation, in NodeJS. You can find out how to install and use it in USAGE.md.

Here is a list of other implementations:

Security

Here are some basic guidelines implementations should follow to ensure they have a safe piece of software. It isn't a magic formula and doesn't include everything, so make sure you give extra attention not introducing vulnerabilities.

  • Check absolutely everything
    Tokens are pieces of data you can trust as much as the Chinese government. You will receive invalid ones, and some people will attempt to tamper tokens. Make sure to check absolutely everything, and only perform operations on it when you know it's safe.

  • Be aware of timing attacks
    When checking for the token signature, ensure you are using a safe equality check. A safe check is one that takes the exact same time, whether the two values match or not.

Reporting a vulnerability

For security vulnerabilities within the reference implementation, please shoot me an email at cynthia@cynthia.dev so I can give it a look, and issue appropriated fixes and security advisories.

For other implementation, refer to the security policies established by implementation maintainers.

Specification

The Tokenize Token Format specification can be found in SPEC.md.

About

A universal token format for authentication. Designed to be secure, flexible, and usable anywhere.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

Packages

No packages published