randomBase64Url.php
Table of Contents
Functions
- randomBase64Url() : string
- Generates a cryptographically secure random token, encoded in base64url (RFC 4648 §5, URL-safe, no padding).
Functions
randomBase64Url()
Generates a cryptographically secure random token, encoded in base64url (RFC 4648 §5, URL-safe, no padding).
randomBase64Url([int $bytes = 32 ]) : string
The function reads $bytes of entropy from random_bytes() (a CSPRNG)
and encodes the result with base64UrlEncode(). The output is safe to
use in URLs, HTTP headers, filenames, JWT identifiers, OAuth state/nonce,
CSRF tokens and similar contexts.
Output length is ceil( $bytes * 4 / 3 ) characters (without padding).
Default $bytes = 32 yields 256 bits of entropy → 43 characters, which is
the recommended size for cryptographic tokens.
Parameters
- $bytes : int = 32
-
Number of random bytes to generate. Must be
>= 1. Defaults to 32 (256 bits of entropy).
Tags
Return values
string —The base64url-encoded random token. Always a subset of
[A-Za-z0-9_-].