How to Create Secret Tokens in Python

03115

If you working with web applications, it usually necessary to If you working with web applications, it usually necessary to generate tokens, API keys, personal keys etc.

We assign them to clients to use as authentication.

We already saw how to create secrets. However using that method could cause problem sometimes like if we use them in url.

Python’s built-in secrets module provides functions for generating secure tokens, suitable for methods such as password resets, hard-to-guess URLs, and similar.

Generating Tokens

Bytes

Return a random byte string containing nbytes number of bytes 

<span># utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- </span><span>import</span> <span>string</span>
<span>import</span> <span>secrets</span>
<span>def</span> <span>generate_token_bytes</span><span>(</span><span>length</span><span>:</span> <span>int</span> <span>=</span> <span>32</span><span>):</span>
    <span>return</span> <span>secrets</span><span>.</span><span>token_bytes</span><span>(</span><span>length</span><span>)</span>
<span># utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- </span><span>import</span> <span>string</span>
<span>import</span> <span>secrets</span>


<span>def</span> <span>generate_token_bytes</span><span>(</span><span>length</span><span>:</span> <span>int</span> <span>=</span> <span>32</span><span>):</span>
    <span>return</span> <span>secrets</span><span>.</span><span>token_bytes</span><span>(</span><span>length</span><span>)</span>
# utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- import string
import secrets


def generate_token_bytes(length: int = 32):
    return secrets.token_bytes(length)

Enter fullscreen mode Exit fullscreen mode 

<span>In</span> <span>[</span><span>2</span><span>]:</span> <span>generate_token_bytes</span><span>()</span>
<span>Out</span><span>[</span><span>2</span><span>]:</span> <span>b</span><span>'</span><span>\x8a\xb7\x19\xd8\x8f\x94\x16\x15\xed</span><span>g</span><span>\xc1\x83</span><span>3</span><span>\xd4\xb9\xfe\xd8\xa7\xc5\xa1</span><span>7d</span><span>\xd7</span><span>k</span><span>\xe5\x14\xea\xe4\x7f</span><span>z</span><span>\x0f</span><span>}'</span>
<span>In</span> <span>[</span><span>2</span><span>]:</span> <span>generate_token_bytes</span><span>()</span>
<span>Out</span><span>[</span><span>2</span><span>]:</span> <span>b</span><span>'</span><span>\x8a\xb7\x19\xd8\x8f\x94\x16\x15\xed</span><span>g</span><span>\xc1\x83</span><span>3</span><span>\xd4\xb9\xfe\xd8\xa7\xc5\xa1</span><span>7d</span><span>\xd7</span><span>k</span><span>\xe5\x14\xea\xe4\x7f</span><span>z</span><span>\x0f</span><span>}'</span>
In [2]: generate_token_bytes()
Out[2]: b'\x8a\xb7\x19\xd8\x8f\x94\x16\x15\xedg\xc1\x833\xd4\xb9\xfe\xd8\xa7\xc5\xa17d\xd7k\xe5\x14\xea\xe4\x7fz\x0f}'

Enter fullscreen mode Exit fullscreen mode

Hex

Return a random text string, in hexadecimal. 

<span># utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- </span><span>import</span> <span>string</span>
<span>import</span> <span>secrets</span>
<span>def</span> <span>generate_token_bytes</span><span>(</span><span>length</span><span>:</span> <span>int</span> <span>=</span> <span>32</span><span>):</span>
    <span>return</span> <span>secrets</span><span>.</span><span>token_bytes</span><span>(</span><span>length</span><span>)</span>
<span># utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- </span><span>import</span> <span>string</span>
<span>import</span> <span>secrets</span>


<span>def</span> <span>generate_token_bytes</span><span>(</span><span>length</span><span>:</span> <span>int</span> <span>=</span> <span>32</span><span>):</span>
    <span>return</span> <span>secrets</span><span>.</span><span>token_bytes</span><span>(</span><span>length</span><span>)</span>
# utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- import string
import secrets


def generate_token_bytes(length: int = 32):
    return secrets.token_bytes(length)

Enter fullscreen mode Exit fullscreen mode 

<span>In</span> <span>[</span><span>3</span><span>]:</span> <span>generate_token_hex</span><span>()</span>
<span>Out</span><span>[</span><span>3</span><span>]:</span> <span>'b9165728eb46a36db8389c902c20bd7bd7a8430be398f47818323b0d15b46600'</span>
<span>In</span> <span>[</span><span>3</span><span>]:</span> <span>generate_token_hex</span><span>()</span>
<span>Out</span><span>[</span><span>3</span><span>]:</span> <span>'b9165728eb46a36db8389c902c20bd7bd7a8430be398f47818323b0d15b46600'</span>
In [3]: generate_token_hex()
Out[3]: 'b9165728eb46a36db8389c902c20bd7bd7a8430be398f47818323b0d15b46600'

Enter fullscreen mode Exit fullscreen mode

URL Safe

Return a random URL-safe text string, containing nbytes random bytes. 

<span># utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- </span><span>import</span> <span>string</span>
<span>import</span> <span>secrets</span>
<span>def</span> <span>generate_token_urlsafe</span><span>(</span><span>length</span><span>:</span> <span>int</span> <span>=</span> <span>32</span><span>):</span>
    <span>return</span> <span>secrets</span><span>.</span><span>token_urlsafe</span><span>(</span><span>length</span><span>)</span>
<span># utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- </span><span>import</span> <span>string</span>
<span>import</span> <span>secrets</span>


<span>def</span> <span>generate_token_urlsafe</span><span>(</span><span>length</span><span>:</span> <span>int</span> <span>=</span> <span>32</span><span>):</span>
    <span>return</span> <span>secrets</span><span>.</span><span>token_urlsafe</span><span>(</span><span>length</span><span>)</span>
# utils/secrets.py #!/usr/bin/env python3 # -*- coding: utf-8 -*- import string
import secrets


def generate_token_urlsafe(length: int = 32):
    return secrets.token_urlsafe(length)

Enter fullscreen mode Exit fullscreen mode 

<span>In</span> <span>[</span><span>5</span><span>]:</span> <span>generate_token_urlsafe</span><span>()</span>
<span>Out</span><span>[</span><span>5</span><span>]:</span> <span>'uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA'</span>
<span>In</span> <span>[</span><span>5</span><span>]:</span> <span>generate_token_urlsafe</span><span>()</span>
<span>Out</span><span>[</span><span>5</span><span>]:</span> <span>'uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA'</span>
In [5]: generate_token_urlsafe()
Out[5]: 'uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA'

Enter fullscreen mode Exit fullscreen mode

urlsafe is very useful when you want to use password reset: 

http://tech.serhatteker.com/accounts/reset/MQ/uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA/
http://tech.serhatteker.com/accounts/reset/MQ/uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA/
http://tech.serhatteker.com/accounts/reset/MQ/uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA/

Enter fullscreen mode Exit fullscreen mode

or using it as a password: 

<span># redis://user:pass@instance:port/db</span>
redis://redis-user:uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA@redis_instance_url:6379/0
<span># redis://user:pass@instance:port/db</span>
redis://redis-user:uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA@redis_instance_url:6379/0
# redis://user:pass@instance:port/db
redis://redis-user:uNuz07y8mkmwvHftrszV_SFffh9LT25L98UZO0w_LHA@redis_instance_url:6379/0

Enter fullscreen mode Exit fullscreen mode

All done!

原文链接:How to Create Secret Tokens in Python

展开阅读全文
© 版权声明
文章版权声明 1、本网站名称:拾光赋
2、本站永久网址:https://www.blogs.ink
3、本网站的文章部分内容可能来源于网络,仅供大家学习与参考,如有侵权,请联系站长QQ:805375623进行删除处理。
4、本站一切资源不代表本站立场,并不代表本站赞同其观点和对其真实性负责。
5、本站一律禁止以任何方式发布或转载任何违法的相关信息,访客发现请向站长举报
6、本站资源大多存储在云盘,如发现链接失效,请联系我们我们会第一时间更新。

THE END
Python(EN)
# python# security# secret
喜欢就支持一下吧
点赞15 分享
So what if we fall down? At least we are still young.
摔倒了又怎样,至少我们还年轻
评论 抢沙发

请登录后发表评论

    暂无评论内容

文章目录
kity的头像-拾光赋
文章目录
今日剩余 28.2%
本周剩余 32.6%
本月剩余 64.3%
本年剩余 72.4%
最近评论
Vito的头像-拾光赋

Vito6个月前2

你就是我心中的那首忐忑,总是让我惊心动魄
Jason.Meng的头像-拾光赋钻石会员

Jason.Meng徽章-人气大使-拾光赋6个月前2

总是会在人生的不同阶段反复爱上大佬的文章~
每日一言
You have to work very hard to seem effortless.
你必须十分努力,才能看上去毫不费劲