Validation Client¶
Protocol Version 2.0¶
-
class
yubiotp.client.
YubiClient20
(api_id=1, api_key=None, ssl=False, timestamp=False, sl=None, timeout=None)[source]¶ Client for the Yubico validation service, version 2.0.
http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20
Parameters: - api_id (int) – Your API id.
- api_key (bytes) – Your base64-encoded API key.
- ssl (bool) –
True
if we should use https URLs by default. - timestamp (bool) –
True
if we want the server to include timestamp and counter information in the response. - sl – See protocol spec.
- timeout – See protocol spec.
-
base_url
¶ The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to
'http[s]://api.yubico.com/wsapi/2.0/verify'
.
-
url
(token, nonce=None)¶ Generates the validation URL without sending a request.
Parameters: - token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
- nonce (str) – A nonce string, or
None
to generate a random one.
Returns: The URL that we would use to validate the token.
Return type: str
-
verify
(token)¶ Verify a single Yubikey OTP against the validation service.
Parameters: token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device. Returns: A response from the validation service. Return type: YubiResponse
Protocol Version 1.1¶
-
class
yubiotp.client.
YubiClient11
(api_id=1, api_key=None, ssl=False, timestamp=False)[source]¶ Client for the Yubico validation service, version 1.1.
http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV11
Parameters: - api_id (int) – Your API id.
- api_key (bytes) – Your base64-encoded API key.
- ssl (bool) –
True
if we should use https URLs by default. - timestamp (bool) –
True
if we want the server to include timestamp and counter information in the response.
-
base_url
¶ The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to
'http[s]://api.yubico.com/wsapi/verify'
.
-
url
(token, nonce=None)¶ Generates the validation URL without sending a request.
Parameters: - token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
- nonce (str) – A nonce string, or
None
to generate a random one.
Returns: The URL that we would use to validate the token.
Return type: str
-
verify
(token)¶ Verify a single Yubikey OTP against the validation service.
Parameters: token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device. Returns: A response from the validation service. Return type: YubiResponse
Protocol Version 1.0¶
-
class
yubiotp.client.
YubiClient10
(api_id=1, api_key=None, ssl=False)[source]¶ Client for the Yubico validation service, version 1.0.
http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV10
Parameters: - api_id (int) – Your API id.
- api_key (bytes) – Your base64-encoded API key.
- ssl (bool) –
True
if we should use https URLs by default.
-
base_url
¶ The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to
'http[s]://api.yubico.com/wsapi/verify'
.
-
url
(token, nonce=None)[source]¶ Generates the validation URL without sending a request.
Parameters: - token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
- nonce (str) – A nonce string, or
None
to generate a random one.
Returns: The URL that we would use to validate the token.
Return type: str
-
verify
(token)[source]¶ Verify a single Yubikey OTP against the validation service.
Parameters: token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device. Returns: A response from the validation service. Return type: YubiResponse
Response¶
-
class
yubiotp.client.
YubiResponse
(raw, api_key, token, nonce)[source]¶ A response from the Yubico validation service.
-
fields
¶ A dictionary of the response fields (excluding ‘h’).
-
is_nonce_valid
()[source]¶ Validates the nonce value sent in the response.
Returns: True
if the nonce in the response matches the one we sent (or didn’t send).False
if the two do not match.None
if we sent a nonce and did not receive one in the response: this is often true of error responses.Return type: bool for a positive result or None
for an ambiguous result.
-
is_ok
()[source]¶ Returns true if all validation checks pass and the status is ‘OK’.
Return type: bool
-
is_signature_valid
()[source]¶ Validates the response signature.
Returns: True
if the signature is valid or if we did not sign the request.False
if the signature is invalid.Return type: bool
-
is_token_valid
()[source]¶ Validates the otp token sent in the response.
Returns: True
if the token in the response is the same as the one in the request;False
if not;None
if the response does not contain a token.Return type: bool for a positive result or None
for an ambiguous result.
-
is_valid
(strict=True)[source]¶ Performs all validity checks (signature, token, and nonce).
Parameters: strict (bool) – If True
, all validity checks must pass unambiguously. Otherwise, this only requires that no validity check fails.Returns: True
if none of the validity checks fail.Return type: bool
-
public_id
¶ Returns the public id of the response token as a modhex string.
Return type: str or None
.
-