
@a-r-d
Forked from anonymous/index.html
Last active August 27, 2016 17:03
JS Bin// source http://jsbin.com/jaleyewudo
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>JS Bin</title>
<!--
  Both scripts below come from a third-party CDN and carry no Subresource
  Integrity attribute, so the page executes whatever the CDN returns. For the
  library that computes the token MAC, either self-host a reviewed copy or pin
  it, e.g. integrity="sha384-<HASH_OF_REVIEWED_FILE>" crossorigin="anonymous".
-->
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/core-min.js"></script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/hmac-sha1.js"></script>
</head>
<body>
<script id="jsbin-javascript">
// Demo HMAC signing key. Anything embedded in a page is readable by every
// visitor, and whoever holds this key can mint a token for any userId. In a
// real deployment the key stays on the server, which does both the signing
// and the verification.
var secret = 'skKaTT2dJRXSH3sMxkZ2aWY95jfTeX';

// Token payload. It is signed but not encrypted: base64 is reversible by
// anyone who sees the token, so nothing confidential belongs in here.
var data = {
  // Absolute expiry in epoch milliseconds, 24 hours from now.
  expires: Date.now() + 24 * 60 * 60 * 1000,
  userId: 'EjuKNCcMjUaxk',
  randomData: 'hello'
};
/**
 * Serialises the payload to JSON and base64-encodes the result.
 *
 * The output uses the standard base64 alphabet, so it can contain '+', '/'
 * and '='; percent-encode the token (encodeURIComponent) before putting it in
 * a URL or query string. btoa() throws on any character above 0xFF, so string
 * values in the payload must stay within Latin-1.
 * Encoding is not encryption: every field is readable by whoever holds the token.
 *
 * @param {Object} data - JSON-serialisable token payload.
 * @returns {string} Base64 text of the JSON form of `data`.
 */
function createTokenData(data) {
  var json = JSON.stringify(data);
  return btoa(json);
}
// Encode the payload once. This exact string is what gets signed below and
// what travels inside the token, so signer and verifier MAC the same bytes.
var tokendata64 = createTokenData(data);
console.log('Token Data: ', data, tokendata64);
/**
 * Computes the HMAC-SHA1 of `message` under `key` and returns it as a string
 * (CryptoJS renders the result as hex by default).
 *
 * Relies on the CryptoJS global loaded by the <script> tags in <head>
 * (http://code.google.com/p/crypto-js/). Note the argument order: this
 * wrapper takes (key, message) while CryptoJS.HmacSHA1 takes (message, key).
 * HMAC-SHA1 is still accepted as a MAC, but HMAC-SHA256 is the usual choice
 * for new designs.
 *
 * @param {string} key - Shared secret.
 * @param {string} message - Text to authenticate.
 * @returns {string} The MAC as text.
 */
function hmac_sha1(key, message) {
  var mac = CryptoJS.HmacSHA1(message, key);
  return mac.toString();
}
// Sign the base64 payload string (hmac_sha1 works on strings, not objects).
console.log('Computing HMAC...');
var signature = hmac_sha1(secret, tokendata64);
console.log('The signature: ', signature);

// Token layout: <signature>~<base64 payload>. The tilde is an unreserved URL
// character and occurs in neither hex nor base64 text, so it splits cleanly.
// The base64 half can still hold '+', '/' and '=', so percent-encode the whole
// token when it goes into a GET query parameter.
var accesstoken = signature.concat('~', tokendata64);

// Demo output only: a real access token is a bearer credential and should not
// be written to logs.
console.log('Our access token: ', accesstoken);
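/**
 * Splits an access token of the form `<signature>~<base64 payload>`, verifies
 * the signature and, only when it verifies, decodes the payload.
 *
 * Fails closed: a token that is not a string, does not have exactly two
 * '~'-separated parts, carries a wrong signature, or whose payload is not
 * valid base64/JSON yields `valid: false` and `data: null` instead of throwing
 * or handing back unauthenticated data.
 *
 * `valid` covers the signature only. This function does not look at
 * `data.expires`; the caller must compare it with the current time before
 * honouring the token.
 *
 * @param {string} token - Token as produced by `signature + '~' + payload`.
 * @param {string} secretkey - HMAC key the token was signed with.
 * @returns {{data: (Object|null), signature: (string|undefined), valid: boolean}}
 */
function parseToken(token, secretkey) {
  var tokenInformation = {
    data: null,
    signature: undefined,
    valid: false
  };

  if (typeof token !== 'string') {
    return tokenInformation;
  }

  // split by token delimiter
  var parts = token.split('~');
  var signature = parts[0];
  var payload = parts[1];
  tokenInformation.signature = signature;

  // Exactly one delimiter is expected; trailing segments are not ignored.
  if (parts.length !== 2) {
    return tokenInformation;
  }

  var verifysig = hmac_sha1(secretkey, payload);

  // Compare every character instead of stopping at the first mismatch, so the
  // time taken does not reveal how much of a guessed signature was correct.
  // (Best effort in JavaScript; Node code can use crypto.timingSafeEqual.)
  if (signature.length !== verifysig.length) {
    return tokenInformation;
  }
  var diff = 0;
  for (var i = 0; i < verifysig.length; i++) {
    diff |= signature.charCodeAt(i) ^ verifysig.charCodeAt(i);
  }
  if (diff !== 0) {
    return tokenInformation;
  }

  // The payload is authenticated at this point; decode it now, not before.
  try {
    tokenInformation.data = JSON.parse(atob(payload));
  } catch (err) {
    // Correctly signed but undecodable payload: report it as invalid.
    tokenInformation.data = null;
    return tokenInformation;
  }

  tokenInformation.valid = true;
  return tokenInformation;
}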
// Round trip: parse the token we just built and confirm its signature.
// `valid` reflects the signature only; before trusting the token a verifier
// must also check that parsed.data.expires is still in the future.
var parsed = parseToken(accesstoken, secret);
console.log('Parsed token Data: ', parsed);

if (parsed.valid) {
  console.log('Parsed token has a valid signature!');
}
</script>
</body>
</html>