Validation Client¶
Protocol Version 2.0¶
- class yubiotp.client.YubiClient20(api_id=1, api_key=None, ssl=False, timestamp=False, sl=None, timeout=None)[source]¶
Client for the Yubico validation service, version 2.0.
http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20
- Parameters:
api_id (int) – Your API id.
api_key (bytes) – Your base64-encoded API key.
ssl (bool) –
True
if we should use https URLs by default.timestamp (bool) –
True
if we want the server to include timestamp and counter information in the response.sl – See protocol spec.
timeout – See protocol spec.
- base_url¶
The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to
'http[s]://api.yubico.com/wsapi/2.0/verify'
.
- url(token, nonce=None)¶
Generates the validation URL without sending a request.
- Parameters:
token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
nonce (str) – A nonce string, or
None
to generate a random one.
- Returns:
The URL that we would use to validate the token.
- Return type:
str
- verify(token)¶
Verify a single Yubikey OTP against the validation service.
- Parameters:
token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
- Returns:
A response from the validation service.
- Return type:
Protocol Version 1.1¶
- class yubiotp.client.YubiClient11(api_id=1, api_key=None, ssl=False, timestamp=False)[source]¶
Client for the Yubico validation service, version 1.1.
http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV11
- Parameters:
api_id (int) – Your API id.
api_key (bytes) – Your base64-encoded API key.
ssl (bool) –
True
if we should use https URLs by default.timestamp (bool) –
True
if we want the server to include timestamp and counter information in the response.
- base_url¶
The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to
'http[s]://api.yubico.com/wsapi/verify'
.
- url(token, nonce=None)¶
Generates the validation URL without sending a request.
- Parameters:
token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
nonce (str) – A nonce string, or
None
to generate a random one.
- Returns:
The URL that we would use to validate the token.
- Return type:
str
- verify(token)¶
Verify a single Yubikey OTP against the validation service.
- Parameters:
token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
- Returns:
A response from the validation service.
- Return type:
Protocol Version 1.0¶
- class yubiotp.client.YubiClient10(api_id=1, api_key=None, ssl=False)[source]¶
Client for the Yubico validation service, version 1.0.
http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV10
- Parameters:
api_id (int) – Your API id.
api_key (bytes) – Your base64-encoded API key.
ssl (bool) –
True
if we should use https URLs by default.
- base_url¶
The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to
'http[s]://api.yubico.com/wsapi/verify'
.
- url(token, nonce=None)[source]¶
Generates the validation URL without sending a request.
- Parameters:
token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
nonce (str) – A nonce string, or
None
to generate a random one.
- Returns:
The URL that we would use to validate the token.
- Return type:
str
Response¶
- class yubiotp.client.YubiResponse(raw, api_key, token, nonce)[source]¶
A response from the Yubico validation service.
- fields¶
A dictionary of the response fields (excluding ‘h’).
- is_nonce_valid()[source]¶
Validates the nonce value sent in the response.
- Returns:
True
if the nonce in the response matches the one we sent (or didn’t send).False
if the two do not match.None
if we sent a nonce and did not receive one in the response: this is often true of error responses.- Return type:
bool for a positive result or
None
for an ambiguous result.
- is_ok()[source]¶
Returns true if all validation checks pass and the status is ‘OK’.
- Return type:
bool
- is_signature_valid()[source]¶
Validates the response signature.
- Returns:
True
if the signature is valid or if we did not sign the request.False
if the signature is invalid.- Return type:
bool
- is_token_valid()[source]¶
Validates the otp token sent in the response.
- Returns:
True
if the token in the response is the same as the one in the request;False
if not;None
if the response does not contain a token.- Return type:
bool for a positive result or
None
for an ambiguous result.
- is_valid(strict=True)[source]¶
Performs all validity checks (signature, token, and nonce).
- Parameters:
strict (bool) – If
True
, all validity checks must pass unambiguously. Otherwise, this only requires that no validity check fails.- Returns:
True
if none of the validity checks fail.- Return type:
bool
- property public_id¶
Returns the public id of the response token as a modhex string.
- Return type:
str or
None
.