Hi, is it secure to use crypto random bytes to generate both access token and refresh token?

browserify / randombytes

random bytes from browserify stand alone

MIT License

100 stars 48 forks source link

Hi, is it secure to use crypto random bytes to generate both access token and refresh token? #23

Closed KaizenTamashi closed 4 years ago

KaizenTamashi commented 4 years ago

Question

Hi, is it secure to use crypto random bytes to generate both access token and refresh token for custom authentication?

calvinmetcalf commented 4 years ago

if you have a library that is used both in the browser and in node then yes this is a good option to use, if you are just targeting just the browser or just node it's probably better to directly use crypto.getRandomValues or crypto.randomBytes respectively

KaizenTamashi commented 4 years ago

@calvinmetcalf Thanks :)