Validation Client¶

Protocol Version 2.0¶

class yubiotp.client.YubiClient20(api_id=1, api_key=None, ssl=False, timestamp=False, sl=None, timeout=None)[source]¶

Client for the Yubico validation service, version 2.0.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20

Parameters:	api_id (int) – Your API id. api_key (bytes) – Your base64-encoded API key. ssl (bool) – `True` if we should use https URLs by default. timestamp (bool) – `True` if we want the server to include timestamp and counter information in the response. sl – See protocol spec. timeout – See protocol spec.

base_url¶: The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/2.0/verify'.

url(token, nonce=None)¶

Generates the validation URL without sending a request.

Parameters:	token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey. nonce (str) – A nonce string, or `None` to generate a random one.
Returns:	The URL that we would use to validate the token.
Return type:	str

verify(token)¶

Verify a single Yubikey OTP against the validation service.

Parameters:	token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
Returns:	A response from the validation service.
Return type:	`YubiResponse`

Protocol Version 1.1¶

class yubiotp.client.YubiClient11(api_id=1, api_key=None, ssl=False, timestamp=False)[source]¶

Client for the Yubico validation service, version 1.1.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV11

Parameters:	api_id (int) – Your API id. api_key (bytes) – Your base64-encoded API key. ssl (bool) – `True` if we should use https URLs by default. timestamp (bool) – `True` if we want the server to include timestamp and counter information in the response.

base_url¶: The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/verify'.

url(token, nonce=None)¶

Generates the validation URL without sending a request.

Parameters:	token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey. nonce (str) – A nonce string, or `None` to generate a random one.
Returns:	The URL that we would use to validate the token.
Return type:	str

verify(token)¶

Verify a single Yubikey OTP against the validation service.

Parameters:	token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
Returns:	A response from the validation service.
Return type:	`YubiResponse`

Protocol Version 1.0¶

class yubiotp.client.YubiClient10(api_id=1, api_key=None, ssl=False)[source]¶

Client for the Yubico validation service, version 1.0.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV10

Parameters:	api_id (int) – Your API id. api_key (bytes) – Your base64-encoded API key. ssl (bool) – `True` if we should use https URLs by default.

base_url¶: The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/verify'.

url(token, nonce=None)[source]¶

Generates the validation URL without sending a request.

Parameters:	token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey. nonce (str) – A nonce string, or `None` to generate a random one.
Returns:	The URL that we would use to validate the token.
Return type:	str

verify(token)[source]¶

Verify a single Yubikey OTP against the validation service.

Parameters:	token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
Returns:	A response from the validation service.
Return type:	`YubiResponse`

Response¶

class yubiotp.client.YubiResponse(raw, api_key, token, nonce)[source]¶

A response from the Yubico validation service.

fields¶: A dictionary of the response fields (excluding ‘h’).

is_nonce_valid()[source]¶

Validates the nonce value sent in the response.

Returns:	`True` if the nonce in the response matches the one we sent (or didn’t send). `False` if the two do not match. `None` if we sent a nonce and did not receive one in the response: this is often true of error responses.
Return type:	bool for a positive result or `None` for an ambiguous result.

is_ok()[source]¶

Returns true if all validation checks pass and the status is ‘OK’.

Return type:	bool

is_signature_valid()[source]¶

Validates the response signature.

Returns:	`True` if the signature is valid or if we did not sign the request. `False` if the signature is invalid.
Return type:	bool

is_token_valid()[source]¶

Validates the otp token sent in the response.

Returns:	`True` if the token in the response is the same as the one in the request; `False` if not; `None` if the response does not contain a token.
Return type:	bool for a positive result or `None` for an ambiguous result.

is_valid(strict=True)[source]¶

Performs all validity checks (signature, token, and nonce).

Parameters:	strict (bool) – If `True`, all validity checks must pass unambiguously. Otherwise, this only requires that no validity check fails.
Returns:	`True` if none of the validity checks fail.
Return type:	bool

public_id¶

Returns the public id of the response token as a modhex string.

Return type:	str or `None`.

status()[source]¶: If the response is valid, this returns the value of the status field. Otherwise, it returns the special status 'BAD_RESPONSE'