I went through many posts on stackoverflow to find how to create a simple web token to confirm a sign up via mail. Without seeing any "official" manner or common technics.
My though was instead of adding a specific cell in database with expiry date to encrypt or hash the expiry date , the email and a random value (generated with randomSecure) to create my token.
Is this the good manner to achieve that? are there library to automatically do that.
Any help is greatly appreciated.
You (probably) need a way to prevent someone from generating their own tokens. If your token has the expiry date and email address in clear in the token, then they can be reverse engineered with little effort, so the only secure information is the random number. But in order for the random number to be useful (from a security perspective), your server needs to remember the random number. But if you are going to do that, the other information is redundant.
So my suggestion is to just use the random number as the token. And a good way to generate a random number with suitable "text armor" is to generate a type-4 UUID; see the UUID class javadoc for details. The rest of the information (the expiry, the email address and the unique key for the user's registration info) can be stored in a database table and not sent to the user.
