Django token authentication with hashed, salted tokens
django_salted_api_tokens
- Django model with token id and token protected with hash and salt
- Authentication class using protected api tokens.
1. Github
https://github.com/harisankar-krishna-swamy/django_salted_api_tokens
2. Install
pip install django_salted_api_tokens
3. Configuration
- Add DSAT_TOKEN_LENGTH in settings.py.
  Default: 80
  Max length: 256
- Add DSAT_MAX_TOKENS_PER_USER in settings.py. Maximum number of tokens allowed per user. Subsequent requests for tokens will be rejected.
  Default: 10
- Add DSAT_HASHLIB_ALGO in settings.py. A string representing the hash algorithm from hashlib.
  Supported values are 'sha512', 'sha256', 'sha384'. Default: sha512
Example
DSAT_TOKEN_LENGTH = 80
DSAT_MAX_TOKENS_PER_USER = 10
DSAT_HASHLIB_ALGO = 'sha512'
- Add django_salted_api_tokens to installed apps along with rest_framework.
Example
INSTALLED_APPS = [
    # ... your other apps ...
    'rest_framework',
    'django_salted_api_tokens',
    # ...
]
- Add salted tokens authentication class to REST_FRAMEWORK in settings.py.
Example
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'django_salted_api_tokens.authentication.TokenAuthentication',
    ],
}
- Add url to obtain token in your project urls.py.
Example
from django.urls import include, path

urlpatterns = [
    # ... your other routes ...
    path('dsat/', include('django_salted_api_tokens.urls')),
    # ...
]
Run python manage.py migrate to create model tables.
4. Usage
The url to obtain token will be available at dsat/create-dsat/.
Example local url: http://127.0.0.1:8000/dsat/create-dsat/
4.1 curl example
Create a user with password in your Django project.
# obtain token for user
curl -X POST -H "Content-Type: application/json" -d '{"username":"bob", "password":"bobspassword"}' http://127.0.0.1:8000/dsat/create-dsat/
{"token_id":"10bac501884e35723d7f28a63ddf845c656bd857",
"token":"9ec12fad574c0d6580e78f9f104f485ebad2eceea06cc9505c290bc0abce4d6ec1e85f1e25b8b04f",
"message":"These credentials will be lost forever if not stored now"}

# use token in a rest view using Authorization header
# Header format is: token <token_id> <token>
curl -H "Authorization: token 10bac501884e35723d7f28a63ddf845c656bd857 9ec12fad574c0d6580e78f9f104f485ebad2eceea06cc9505c290bc0abce4d6ec1e85f1e25b8b04f" http://127.0.0.1:8000/accounts/an-authenticated-view/
{"message":"Hello, World!"}
See example_django_project in source
5. License
Apache2 License
6. See also
DSAT provides basic protection for stored tokens compared with clear-text tokens. Read the Python docs at
https://docs.python.org/3/library/hashlib.html
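The idea behind a token id plus a salted hash, shown as an added sketch that is not the package's own code: the server keeps only the id, salt and digest, and re-derives the digest from the Authorization header on each request. The in-memory STORE, the record field names, the salt length and the salt + token concatenation are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Values mirror the settings shown on this page.
DSAT_TOKEN_LENGTH = 80
DSAT_MAX_TOKENS_PER_USER = 10
DSAT_HASHLIB_ALGO = "sha512"
SUPPORTED_ALGOS = {"sha512", "sha256", "sha384"}

# Hypothetical in-memory stand-in for the token table: token_id -> record.
STORE = {}


def _digest(salt: str, token: str, algo: str) -> str:
    # Assumption: salt and token are concatenated before hashing.
    if algo not in SUPPORTED_ALGOS:
        raise ValueError(f"unsupported hash algorithm: {algo}")
    return hashlib.new(algo, (salt + token).encode()).hexdigest()


def issue_token(user: str) -> dict:
    """Create a token; only its id, salt and salted hash are stored."""
    if sum(r["user"] == user for r in STORE.values()) >= DSAT_MAX_TOKENS_PER_USER:
        raise PermissionError("token limit reached for user")
    token_id = secrets.token_hex(20)
    token = secrets.token_hex(DSAT_TOKEN_LENGTH // 2)
    salt = secrets.token_hex(16)
    STORE[token_id] = {"user": user, "salt": salt, "algo": DSAT_HASHLIB_ALGO,
                       "hash": _digest(salt, token, DSAT_HASHLIB_ALGO)}
    # The clear token is returned once and never stored.
    return {"token_id": token_id, "token": token}


def authenticate(header: str):
    """Return the user for 'token <token_id> <token>', or None."""
    parts = header.split()
    if len(parts) != 3 or parts[0].lower() != "token":
        return None
    _, token_id, token = parts
    record = STORE.get(token_id)
    if record is None:
        return None
    candidate = _digest(record["salt"], token, record["algo"])
    # Constant-time comparison avoids leaking how many characters matched.
    return record["user"] if hmac.compare_digest(candidate, record["hash"]) else None


if __name__ == "__main__":
    creds = issue_token("bob")
    print(authenticate(f"token {creds['token_id']} {creds['token']}"))
```

A copy of STORE on its own does not yield a usable Authorization header, which is the protection over clear-text token storage that this section refers to.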