
Implementation of HMAC Based Token pattern

Open gdelpu opened this issue 3 years ago • 3 comments

Hello,

In the frame of one of my projects, I had to modify the Crumb plugin to implement an HMAC based token pattern to be used in a stateless server. I think it could be valuable for the community to have it officially embedded in Crumb. The implementation follows the pattern described in the OWASP cheat sheet. I have included a new option to specify the token generation method to use: random (the method used by crumb as of now) or hmac (my current contribution).

Unit tests have been updated to test 100% of the code base with both generation methods. API markdown documentation has also been updated accordingly.

gdelpu avatar May 20 '21 09:05 gdelpu

I can tell this was a major effort; the contribution offer is appreciated. There's a lot to dig into and consider here, but I wanted to follow up to let you know that this has been seen 👍

devinivy avatar Jun 03 '21 03:06 devinivy

@devinivy Thanks for your update. I'm looking into implementing the double submit pattern as described in the OWASP cheat sheet. Is it something the CRUMB community could be interested in?

gdelpu avatar Jun 04 '21 07:06 gdelpu

> @devinivy Thanks for your update. I'm looking into implementing the double submit pattern as described in the OWASP cheat sheet. Is it something the CRUMB community could be interested in?

If this is something you're interested in implementing, we would be happy to review and merge!

nlf avatar Jun 04 '21 18:06 nlf