TokenHasher
in package
Service for hashing API and remember-me tokens.
Uses SHA-256 for fast, secure token hashing. Unlike passwords which need slow hashing (bcrypt), tokens are random and don't need protection against dictionary attacks. SHA-256 provides secure one-way hashing that's efficient for token validation.
Tags
Table of Contents
Methods
- generate() : string
- Generate a secure random token.
- hash() : string
- Hash a token for storage.
- verify() : bool
- Verify a token against a stored hash.
Methods
generate()
Generate a secure random token.
public
generate([int<1, max> $length = 32 ]) : string
Parameters
- $length : int<1, max> = 32
-
Token length in bytes (default 32 = 64 hex chars)
Return values
string —The generated token (hex encoded)
hash()
Hash a token for storage.
public
hash(string $token) : string
Parameters
- $token : string
-
The plaintext token
Return values
string —The hashed token (64 hex characters)
verify()
Verify a token against a stored hash.
public
verify(string $token, string $hash) : bool
Parameters
- $token : string
-
The plaintext token to verify
- $hash : string
-
The stored hash to verify against
Return values
bool —True if the token matches the hash