Secure random token in Node.js


In this question Erik needs to generate a secure random token in Node.js. There's the method crypto.randomBytes that generates a random Buffer. However, the base64 encoding in node is not url-safe, it includes / and + instead of - and _. Therefore, the easiest way to generate such token I've found is

require('crypto').randomBytes(48, function(ex, buf) {
    token = buf.toString('base64').replace(/\//g,'_').replace(/\+/g,'-');

Is there a more elegant way?

5/23/2017 12:10:09 PM

Accepted Answer

Try crypto.randomBytes():

require('crypto').randomBytes(48, function(err, buffer) {
  var token = buffer.toString('hex');

The 'hex' encoding works in node v0.6.x or newer.

3/18/2016 6:34:37 PM

Synchronous option in-case if you are not a JS expert like me. Had to spend some time on how to access the inline function variable

var token = crypto.randomBytes(64).toString('hex');

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow