skip to navigation
skip to content

tokenlib 0.3.1


Latest Version: 2.0.0

This is generic support library for doing token-based authentication. You might use it to build a login system using bearer tokens, two-legged oauth, or MAC Access authentication.

Given a server-side master secret, you can serialize a dict of data into an opaque, unforgeable authentication token:

>>> token = tokenlib.make_token({"userid": 42}, secret="I_LIKE_UNICORNS")
>>> print token

Later, you can use the same secret to verify the token and extract the embedded data:

>>> data = tokenlib.parse_token(token, secret="I_LIKE_UNICORNS")
>>> print data
{u'userid': 42, u'expires': 1329875384.073159, u'salt': u'1c033f'}

Notice that the data includes an expiry time. If you try to parse an expired token, it will fail:

>>> # Use now=XXX to simulate a time in the future.
>>> tokenlib.parse_token(token, secret="I_LIKE_UNICORNS", now=9999999999)
Traceback (most recent call last):
ValueError: token has expired

Likewise, it will fail if the token was constructed with a non-matching secret key:

>>> tokenlib.parse_token(token, secret="I_HATE_UNICORNS")
Traceback (most recent call last):
ValueError: token has invalid signature

Each token also has an associated “token secret”. This is a secret key that can be shared with the consumer of the token to enable authentication schemes such as MAC Access Authentication of Two-Legged OAuth:

>>> key = tokenlib.get_token_secret(token, secret="I_LIKE_UNICORNS")
>>> print key

For applications that are using the same settings over and over again, you will probably want to create a TokenManager object rather than using the module-level convenience functions:

>>> manager = tokenlib.TokenManager(secret="I_LIKE_UNICORNS")
>>> data = manager.parse_token(token)
>>> print data
{u'userid': 42, u'expires': 1329875384.073159, u'salt': u'1c033f'}

This will let you customize e.g. the token expiry timeout or hash module without repeating the settings in each call.

0.3.1 - 2014-01-08

  • Make tokenlib.DEFAULT_HASHMOD a string.
  • Fix sporadically-failing test.

0.3.0 - 2014-01-08

  • clarified licensing info
  • switched to sha256 as default hashing algorithm
  • renamed get_token_secret to get_derived_secret to clarify its purpose; the previous name remains but is deprecated.
  • added custom ValueError subclasses for more fine-grained error reporting.

0.2.0 - 2012-11-27

  • support for python3 via source-level compatibility

0.1.0 - 2012-03-14

  • Initial release.
File Type Py Version Uploaded on Size
tokenlib-0.3.1.tar.gz (md5) Source 2014-01-08 7KB