Django token authentication with hashed, salted tokens
django_salted_api_tokens
- Django model with token id and token protected with hash and salt
- Authentication class using protected api tokens.
1. GitHub
https://github.com/harisankar-krishna-swamy/django_salted_api_tokens
2. Install
pip install django_salted_api_tokens
3. Configuration
- Add DSAT_TOKEN_LENGTH in settings.py.
  Default: 80
  Max length: 256
- Add DSAT_MAX_TOKENS_PER_USER in settings.py. Maximum number of tokens allowed per user. Subsequent requests for tokens will be rejected.
  Default: 10
- Add DSAT_HASHLIB_ALGO in settings.py. A string representing the hash algorithm from hashlib.
  Supported values are 'sha512', 'sha256', 'sha384'.
  Default: sha512
Example
DSAT_TOKEN_LENGTH = 80
DSAT_MAX_TOKENS_PER_USER = 10
DSAT_HASHLIB_ALGO = 'sha512'
- Add django_salted_api_tokens to installed apps along with rest_framework.
Example
INSTALLED_APPS = [
    # ... your other apps
    'rest_framework',
    'django_salted_api_tokens',
    # ...
]
- Add salted tokens authentication class to REST_FRAMEWORK in settings.py.
Example
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'django_salted_api_tokens.authentication.TokenAuthentication',
    ],
}
- Add url to obtain token in your project urls.py.
Example
from django.urls import include, path

urlpatterns = [
    # ... your other routes
    path('dsat/', include('django_salted_api_tokens.urls')),
    # ...
]
Run python manage.py migrate to create model tables.
4. Usage
The url to obtain token will be available at dsat/create-dsat/.
Example local url: http://127.0.0.1:8000/dsat/create-dsat/
4.1 curl example
Create a user with password in your Django project.
# obtain token for user
curl -X POST -H "Content-Type: application/json" -d '{"username":"bob", "password":"bobspassword"}' http://127.0.0.1:8000/dsat/create-dsat/
{"token_id":"10bac501884e35723d7f28a63ddf845c656bd857",
"token":"9ec12fad574c0d6580e78f9f104f485ebad2eceea06cc9505c290bc0abce4d6ec1e85f1e25b8b04f",
"message":"These credentials will be lost forever if not stored now"}
# use token in a rest view using Authorization header
# Header format is: token <token_id> <token>
curl -H "Authorization: token 10bac501884e35723d7f28a63ddf845c656bd857 9ec12fad574c0d6580e78f9f104f485ebad2eceea06cc9505c290bc0abce4d6ec1e85f1e25b8b04f" http://127.0.0.1:8000/accounts/an-authenticated-view/
{"message":"Hello, World!"}
See example_django_project in the source.
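The scheme this page describes (a token id plus a token that is stored only as a salted hash, sent as token <token_id> <token>), sketched as an added example that is not the package's own code. The in-memory STORE, the helper names, the 16-byte salt and the salt-then-token hashing order are assumptions.

```python
import hashlib
import hmac
import secrets

SUPPORTED_ALGOS = ("sha512", "sha256", "sha384")  # values listed for DSAT_HASHLIB_ALGO
STORE = {}  # hypothetical stand-in for the token table: token_id -> (algo, salt, digest)


def _digest(algo, salt, token):
    # Assumption: digest = H(salt || token); the package's construction may differ.
    return hashlib.new(algo, salt + token.encode()).hexdigest()


def issue_token(token_length=80, algo="sha512"):
    """Create a credential pair; persist only the salt and digest."""
    if algo not in SUPPORTED_ALGOS:
        raise ValueError(f"unsupported hash algorithm: {algo}")
    if not 0 < token_length <= 256:
        raise ValueError("token length must be between 1 and 256")
    token_id = secrets.token_hex(20)  # 40 hex chars, like the sample response
    token = secrets.token_hex((token_length + 1) // 2)[:token_length]
    salt = secrets.token_bytes(16)  # fresh random salt per token
    STORE[token_id] = (algo, salt, _digest(algo, salt, token))
    return token_id, token  # the clear token is shown once and never stored


def authenticate(header):
    """Return the token_id if 'token <token_id> <token>' verifies, else None."""
    parts = header.split()
    if len(parts) != 3 or parts[0].lower() != "token":
        return None
    _, token_id, token = parts
    record = STORE.get(token_id)
    if record is None:
        return None
    algo, salt, expected = record
    # Constant-time compare: do not leak how much of the digest matched.
    if hmac.compare_digest(_digest(algo, salt, token), expected):
        return token_id
    return None


if __name__ == "__main__":
    tid, tok = issue_token()
    print(authenticate(f"token {tid} {tok}") == tid)        # valid pair
    print(authenticate(f"token {tid} {'0' * 80}") is None)  # wrong token
```

Because only the salt and digest are kept, a read of the token table does not yield usable credentials, which is why the create response warns that the values are lost if not stored.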
5. License
Apache2 License
6. See also
DSAT provides basic protection of tokens compared with storing them in clear text. Read the Python docs at
https://docs.python.org/3/library/hashlib.html
File details
Details for the file django_salted_api_tokens-1.0.3.tar.gz.
File metadata
- Download URL: django_salted_api_tokens-1.0.3.tar.gz
- Upload date:
- Size: 16.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.10
File hashes
Algorithm | Hash digest
---|---
SHA256 | 323be4938f00a5eb348b9b92b65419afab934cb4757b8b843b716e719bce72b0
MD5 | bbe81a543ffc2db6540d15322f9a45b9
BLAKE2b-256 | 3705262d346edcb267156f198eb295ae2beaee934b22d76ce056bd9a68b1e7f2
File details
Details for the file django_salted_api_tokens-1.0.3-py3-none-any.whl.
File metadata
- Download URL: django_salted_api_tokens-1.0.3-py3-none-any.whl
- Upload date:
- Size: 23.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.10
File hashes
Algorithm | Hash digest
---|---
SHA256 | a2338dae44507e95e2034c8abbec2d2f08c96ab56a678faa6c6638c2991f8298
MD5 | 916bd7b007ab83a714fff19c4698ad7d
BLAKE2b-256 | 425755240829357b2307f00ae93365f83f12e7e191cc04e20b787fda2f7d6762