Django token authentication with hashed, salted tokens
django_salted_api_tokens
- Django model with token id and token protected with hash and salt
- Authentication class using protected api tokens.
1. GitHub
https://github.com/harisankar-krishna-swamy/django_salted_api_tokens
2. Install
pip install django_salted_api_tokens
3. Configuration
- Add DSAT_TOKEN_LENGTH in settings.py.
  Default: 80
  Max length: 256
- Add DSAT_MAX_TOKENS_PER_USER in settings.py. Maximum number of tokens allowed per user. Subsequent requests for tokens will be rejected.
  Default: 10
- Add DSAT_HASHLIB_ALGO in settings.py. A string representing the hash algorithm from hashlib.
  Supported values are 'sha512', 'sha256', 'sha384'. Default: sha512
Example
DSAT_TOKEN_LENGTH = 80
DSAT_MAX_TOKENS_PER_USER = 10
DSAT_HASHLIB_ALGO = 'sha512'
- Add django_salted_api_tokens to installed apps along with rest_framework.
Example
INSTALLED_APPS = [
    ...
    'rest_framework',
    'django_salted_api_tokens',
    ...
]
- Add salted tokens authentication class to REST_FRAMEWORK in settings.py.
Example
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'django_salted_api_tokens.authentication.TokenAuthentication',
    ],
}
- Add url to obtain token in your project urls.py.
Example
from django.urls import include, path

urlpatterns = [
    ...
    # Exposes the token creation endpoint under dsat/
    path('dsat/', include('django_salted_api_tokens.urls')),
    ...
]
Run python manage.py migrate to create model tables.
4. Usage
The url to obtain token will be available at dsat/create-dsat/.
Example local url: http://127.0.0.1:8000/dsat/create-dsat/
4.1 curl example
Create a user with password in your Django project.
# obtain token for user
curl -X POST -H "Content-Type: application/json" -d '{"username":"bob", "password":"bobspassword"}' http://127.0.0.1:8000/dsat/create-dsat/
{"token_id":"10bac501884e35723d7f28a63ddf845c656bd857",
"token":"9ec12fad574c0d6580e78f9f104f485ebad2eceea06cc9505c290bc0abce4d6ec1e85f1e25b8b04f",
"message":"These credentials will be lost forever if not stored now"}
# use token in a rest view using Authorization header
# Header format is: token <token_id> <token>
curl -H "Authorization: token 10bac501884e35723d7f28a63ddf845c656bd857 9ec12fad574c0d6580e78f9f104f485ebad2eceea06cc9505c290bc0abce4d6ec1e85f1e25b8b04f" http://127.0.0.1:8000/accounts/an-authenticated-view/
{"message":"Hello, World!"}
See example_django_project in source
5. License
Apache2 License
6. See also
DSAT provides basic protection for tokens compared with storing clear tokens. Read the Python hashlib docs at
https://docs.python.org/3/library/hashlib.html
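A minimal sketch of the scheme this page describes, added here as an example and not the package's own code: the token id is used for lookup, and only a salt and a salted digest of the token are stored. The in-memory TOKEN_STORE, the function names, the 16-byte salt and the salt-then-token hashing order are assumptions.

```python
import hashlib
import hmac
import secrets

# Values the page lists for DSAT_HASHLIB_ALGO.
SUPPORTED_ALGOS = ("sha512", "sha256", "sha384")

# Hypothetical in-memory stand-in for the token table: token_id -> record.
TOKEN_STORE = {}


def issue_token(username, token_length=80, algo="sha512"):
    """Create credentials; only the salt and salted digest are stored."""
    if algo not in SUPPORTED_ALGOS:
        raise ValueError(f"unsupported hash algorithm: {algo}")
    token_id = secrets.token_hex(20)              # 40 hex chars, as in the sample response
    token = secrets.token_hex(token_length // 2)  # token_length hex chars (even lengths)
    salt = secrets.token_bytes(16)                # assumed salt size
    digest = hashlib.new(algo, salt + token.encode()).hexdigest()
    TOKEN_STORE[token_id] = {"user": username, "algo": algo,
                             "salt": salt, "digest": digest}
    return token_id, token  # the clear token is returned once and never stored


def authenticate(header_value):
    """Parse 'token <token_id> <token>' and return the username, or None."""
    parts = header_value.split()
    if len(parts) != 3 or parts[0].lower() != "token":
        return None
    _, token_id, token = parts
    record = TOKEN_STORE.get(token_id)
    if record is None:
        return None
    candidate = hashlib.new(record["algo"],
                            record["salt"] + token.encode()).hexdigest()
    # Constant-time comparison avoids leaking how much of the digest matched.
    if hmac.compare_digest(candidate, record["digest"]):
        return record["user"]
    return None
```

A database leak under this layout exposes token ids, salts and digests, but not a value that can be replayed in the Authorization header.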