ItsDangerous signed token implementation. This namespace provides two main
signatures: `sign` and `verify`; refer to their documentation for details.
ItsDangerous uses a simple HMAC-based scheme to sign credentials. It is
widely used in the Python world, especially in Flask applications.
See https://itsdangerous.palletsprojects.com/en/1.1.x/ for more details.
ItsDangerous revolves around tuples of `[payload, timestamp, signature]`
or the untimed `[payload, signature]` alternative. In its URL safe variant,
each element of the tuple is Base64 encoded. This is the only variant
supported in this implementation.
When signing and verifying, ItsDangerous supports the addition of a somewhat
misnamed *salt*, used to namespace signing. In this case, the key is derived
by first hashing the salt. The derived key is then used to sign or verify
payloads.
Knowledge that should be shared out-of-band between signers and verifiers:
- A secret key (K)
- A salt for namespacing (S)
- The selected hashing algorithm (A) (with functions HASH_A and HMAC_A)
For a payload P at timestamp T, signing consists of:

```
TOSIGN = T ? (B64(P) + '.' + B64(T)) : (B64(P))
TOSIGN + '.' + B64(HMAC_A(HASH_A(K, S), TOSIGN))
```
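The scheme described above, written out as an added Python example (not this library's code or the itsdangerous package itself), producing the `[payload, timestamp, signature]` layout and showing that the salt namespaces signatures. Assumptions: `HASH_A(K, S)` is taken to be the digest of `salt + b"signer" + key`, the timestamp is encoded as big-endian bytes of epoch seconds, and the names `derive_key`, `sign` and `verify` are illustrative.

```python
import base64, hashlib, hmac, time

def b64(raw: bytes) -> bytes:
    # URL-safe Base64 without padding, so '.' can act as the separator.
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def unb64(text: bytes) -> bytes:
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def derive_key(key: bytes, salt: bytes, algo: str) -> bytes:
    # HASH_A(K, S). Assumption: hash of salt + b"signer" + key.
    return hashlib.new(algo, salt + b"signer" + key).digest()

def sign(payload: bytes, key: bytes, salt: bytes, ts=None, algo="sha1") -> bytes:
    to_sign = b64(payload)
    if ts is not None:
        # Assumption: timestamp as minimal big-endian bytes of epoch seconds.
        width = (ts.bit_length() + 7) // 8 or 1
        to_sign += b"." + b64(ts.to_bytes(width, "big"))
    mac = hmac.new(derive_key(key, salt, algo), to_sign, algo).digest()
    return to_sign + b"." + b64(mac)

def verify(token: bytes, key: bytes, salt: bytes,
           max_age=None, now=None, algo="sha1") -> bytes:
    """Return the payload, or raise ValueError."""
    to_sign, sep, sig = token.rpartition(b".")
    if not sep:
        raise ValueError("malformed token")
    mac = hmac.new(derive_key(key, salt, algo), to_sign, algo).digest()
    # Constant-time comparison; nothing is decoded before this check passes.
    if not hmac.compare_digest(b64(mac), sig):
        raise ValueError("bad signature")
    parts = to_sign.split(b".")
    if max_age is not None:
        if len(parts) != 2:
            raise ValueError("token carries no timestamp")
        issued = int.from_bytes(unb64(parts[1]), "big")
        current = int(time.time()) if now is None else now
        if current - issued > max_age:
            raise ValueError("token expired")
    return unb64(parts[0])
```

A token signed under one salt fails verification under another even with the same secret key, which is what keeps, for example, session tokens from being accepted where a password-reset token is expected.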
Standard format coercers
JavaSE-based implementation of hash-based message authentication.