hapijs / crumb

CSRF crumb generation and validation for hapi

Implementation of HMAC Based Token pattern #155

Open gdelpu opened 3 years ago

gdelpu commented 3 years ago

Hello,

In the frame of one of my projects, I had to modify the Crumb plugin to implement an HMAC-based token pattern to be used in a stateless server. I think it could be valuable for the community to have it officially embedded in Crumb. The implementation follows the pattern described in the OWASP cheat sheet. I have included a new option to specify the token generation to use: random (the method used by crumb as of now) or hmac (my current contribution).

Unit tests have been updated to test 100% of the code base with both generation methods. The API markdown documentation has also been updated accordingly.

devinivy commented 3 years ago

I can tell this was a major effort; the contribution offer is appreciated. There's a lot to dig into and consider here, but I wanted to follow up to let you know that this has been seen 👍

gdelpu commented 3 years ago

@devinivy Thanks for your update. I'm looking into implementing the double submit pattern as described in the OWASP cheat sheet. Is it something the CRUMB community could be interested in?

nlf commented 3 years ago

> @devinivy Thanks for your update. I'm looking into implementing the double submit pattern as described in the OWASP cheat sheet. Is it something the CRUMB community could be interested in?

If this is something you're interested in implementing, we would be happy to review and merge!