Which Algorithm does Github uses to generate their Personal Access Tokens
In my Nodejs application, I have a functionality where users can generate Access Token and use that to make API Calls from the server. I am using JWT for this purpose which is working fine and serves its purpose.
But we want our Access Token to be shorter like the Github Personal Access Token for multiple reasons. Can any one of you help me identify the Algorithem they are using to generate this kind of short tokens?
I am attaching screenshots of both Tokens (Ours & Github)
Our Implementation of Personal Access Token
Guthub's Personal Access Token
I did some R&D and found this question but this does not provide any useful information for my case.
The algorithm is outlined on the blog post about the new tokens. There's a prefix (e.g., ghp_), a random component, and a checksum at the end. The random component is generated using a CSPRNG; it doesn't contain any ID or other encoded data.
The approach GitHub uses here is different than a JWT. In a JWT, there is some encoded data (some claims) that are prevented from tampering with a MAC or digital signature. In most cases, as long as the MAC or digital signature is valid, the token will be accepted until its expiration. With GitHub's tokens, the random component is the identifier of the token and all of the access it grants (including whether it is still valid) are verified by looking that up on the server side; the token doesn't contain that information.
- git push fails: RPC failed; result=22, HTTP code = 411
- GitHub API (v3): Order tags by creation date
- Merging two git repository into another with Github actions
- Git, fatal: The remote end hung up unexpectedly
- How is it best to update a project when updates are provided as an archive?
- PNPM Github actions flow
- Can't commit changes to GitHub in Visual Studio
- How can one display images side by side in a GitHub README.md?
- How to remove a pushed commit on GitHub?
- Downloading GitHub Actions workflow logs using GitHub api
- How to update my working Git branch from another branch (develop)?
- GitHub Login and Enterprise URL issue
- Git merge with beyond compare
- How can I create a multi-job GitHub Actions workflow with secrets?
- Checkout forked branch of repo without cloning fork
- Override configured user for a single git commit
- How to get pull request number within GitHub Actions workflow
- Run GitHub Action on multiple environments
- Failed to install 'unknown package' from GitHub
- Cite a paper using github markdown syntax
- How does a GitHub repository's gh-pages branch get created?
- How to check which person clone my project in github
- Delete forked repo from GitHub
- How to tell git to use the correct identity (name and email) for a given project?
- Is there a way to cache https credentials for pushing commits?
- Can I have my GitHub Pages index.html in a subfolder of the repository?
- Issues adding GitHub gist to my blog (using Google blogger)
- Downloading requirements.txt from GitHub
- Git magic keywords in commit messages (Signed-off-by, Co-authored-by, Fixes, ...)
- How long does it take GitHub page to update after changing index.html?