Validation Client

Protocol Version 2.0

class yubiotp.client.YubiClient20(api_id=1, api_key=None, ssl=False, timestamp=False, sl=None, timeout=None)

Client for the Yubico validation service, version 2.0.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20

Parameters:
  • api_id (int) – Your API id.

  • api_key (bytes) – Your base64-encoded API key.

  • ssl (bool) – True if we should use https URLs by default.

  • timestamp (bool) – True if we want the server to include timestamp and counter information in the response.

  • sl – See protocol spec.

  • timeout – See protocol spec.

base_url

The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/2.0/verify'.

url(token, nonce=None)

Generates the validation URL without sending a request.

Parameters:
  • token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.

  • nonce (str) – A nonce string, or None to generate a random one.

Returns:

The URL that we would use to validate the token.

Return type:

str

verify(token)

Verify a single YubiKey OTP against the validation service.

Parameters:

token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.

Returns:

A response from the validation service.

Return type:

YubiResponse

Protocol Version 1.1

class yubiotp.client.YubiClient11(api_id=1, api_key=None, ssl=False, timestamp=False)

Client for the Yubico validation service, version 1.1.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV11

Parameters:
  • api_id (int) – Your API id.

  • api_key (bytes) – Your base64-encoded API key.

  • ssl (bool) – True if we should use https URLs by default.

  • timestamp (bool) – True if we want the server to include timestamp and counter information in the response.

base_url

The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/verify'.

url(token, nonce=None)

Generates the validation URL without sending a request.

Parameters:
  • token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.

  • nonce (str) – A nonce string, or None to generate a random one.

Returns:

The URL that we would use to validate the token.

Return type:

str

verify(token)

Verify a single YubiKey OTP against the validation service.

Parameters:

token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.

Returns:

A response from the validation service.

Return type:

YubiResponse

Protocol Version 1.0

class yubiotp.client.YubiClient10(api_id=1, api_key=None, ssl=False)

Client for the Yubico validation service, version 1.0.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV10

Parameters:
  • api_id (int) – Your API id.

  • api_key (bytes) – Your base64-encoded API key.

  • ssl (bool) – True if we should use https URLs by default.

base_url

The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/verify'.

url(token, nonce=None)

Generates the validation URL without sending a request.

Parameters:
  • token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.

  • nonce (str) – A nonce string, or None to generate a random one.

Returns:

The URL that we would use to validate the token.

Return type:

str

verify(token)

Verify a single YubiKey OTP against the validation service.

Parameters:

token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.

Returns:

A response from the validation service.

Return type:

YubiResponse

Response

class yubiotp.client.YubiResponse(raw, api_key, token, nonce)

A response from the Yubico validation service.

fields

A dictionary of the response fields (excluding ‘h’).

is_nonce_valid()

Validates the nonce value sent in the response.

Returns:

True if the nonce in the response matches the one we sent (or didn’t send). False if the two do not match. None if we sent a nonce and did not receive one in the response: this is often true of error responses.

Return type:

bool for a positive result or None for an ambiguous result.

is_ok()

Returns True if all validation checks pass and the status is ‘OK’.

Return type:

bool

is_signature_valid()

Validates the response signature.

Returns:

True if the signature is valid or if we did not sign the request. False if the signature is invalid.

Return type:

bool

is_token_valid()

Validates the OTP token sent in the response.

Returns:

True if the token in the response is the same as the one in the request; False if not; None if the response does not contain a token.

Return type:

bool for a positive result or None for an ambiguous result.

is_valid(strict=True)

Performs all validity checks (signature, token, and nonce).

Parameters:

strict (bool) – If True, all validity checks must pass unambiguously. Otherwise, this only requires that no validity check fails.

Returns:

True if none of the validity checks fail.

Return type:

bool

property public_id

Returns the public id of the response token as a modhex string.

Return type:

str or None.

status()

If the response is valid, this returns the value of the status field. Otherwise, it returns the special status 'BAD_RESPONSE'.
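The checks described for is_signature_valid(), is_token_valid(), is_nonce_valid() and is_valid(strict), sketched with the standard library only. This is an added example, not yubiotp's own code. It assumes the version 2.0 response format (key=value lines, with h holding a base64 HMAC-SHA1 over the remaining fields sorted and joined by '&'); check_response, echo_check, make_raw and the sample key, OTP and nonce are constructed for illustration.

```python
import base64, hashlib, hmac

def sign(fields, api_key):
    """base64(HMAC-SHA1) over the sorted key=value pairs joined with '&' (assumed v2.0 rule)."""
    msg = "&".join(f"{k}={v}" for k, v in sorted(fields.items()))
    mac = hmac.new(base64.b64decode(api_key), msg.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def echo_check(received, sent):
    """True on match, False on mismatch, None if we sent a value but got none back."""
    if received is None:
        return True if sent is None else None
    if sent is None:
        return False
    return hmac.compare_digest(received.encode(), sent.encode())

def check_response(raw, api_key, token, nonce, strict=True):
    # Split each line on the first '=' only: base64 values end in '=' padding.
    fields = dict(l.strip().split("=", 1) for l in raw.splitlines() if "=" in l)
    h = fields.pop("h", "")
    results = [
        api_key is None or hmac.compare_digest(h.encode(), sign(fields, api_key).encode()),
        echo_check(fields.get("otp"), token),
        echo_check(fields.get("nonce"), nonce),
    ]
    if strict:  # every check must pass unambiguously
        return all(r is True for r in results)
    return all(r is not False for r in results)  # ambiguous (None) results tolerated

# Constructed sample data (not a real key, OTP or server response).
API_KEY = base64.b64encode(b"constructed-demo-key")
TOKEN = "ccccccbcgujh" + "ubgkrtjdhlnrhcifvkfcuntbdglkenvi"
NONCE = "0123456789abcdef0123456789abcdef"

def make_raw(fields):
    """Serialise fields as a signing server would; helper for this demo only."""
    lines = [f"h={sign(fields, API_KEY)}"] + [f"{k}={v}" for k, v in fields.items()]
    return "\r\n".join(lines) + "\r\n"

GOOD = make_raw({"otp": TOKEN, "nonce": NONCE, "status": "OK"})
REPLAY = make_raw({"otp": TOKEN, "nonce": NONCE, "status": "REPLAYED_OTP"})
FORGED = REPLAY.replace("status=REPLAYED_OTP", "status=OK")  # body altered after signing
ERROR = make_raw({"status": "BAD_OTP"})  # signed, but echoes neither otp nor nonce
```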