Navigation

Validation Client

Protocol Version 2.0

class yubiotp.client.YubiClient20(api_id=1, api_key=None, ssl=False, timestamp=False, sl=None, timeout=None)[source]

Client for the Yubico validation service, version 2.0.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20

Parameters:
  • api_id (int) – Your API id.
  • api_key (bytes) – Your base64-encoded API key.
  • ssl (bool) – True if we should use https URLs by default.
  • timestamp (bool) – True if we want the server to include timestamp and counter information in the response.
  • sl – See protocol spec.
  • timeout – See protocol spec.
base_url

The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/2.0/verify'.

verify(token)

Verify a single Yubikey OTP against the validation service.

Parameters:token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
Returns:A response from the validation service.
Return type:YubiResponse
url(token, nonce=None)

Generates the validation URL without sending a request.

Parameters:
  • token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
  • nonce (str) – A nonce string, or None to generate a random one.
Returns:

The URL that we would use to validate the token.
Return type:

str

Protocol Version 1.1

class yubiotp.client.YubiClient11(api_id=1, api_key=None, ssl=False, timestamp=False)[source]

Client for the Yubico validation service, version 1.1.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV11

Parameters:
  • api_id (int) – Your API id.
  • api_key (bytes) – Your base64-encoded API key.
  • ssl (bool) – True if we should use https URLs by default.
  • timestamp (bool) – True if we want the server to include timestamp and counter information in the response.
base_url

The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/verify'.

verify(token)

Verify a single Yubikey OTP against the validation service.

Parameters:token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
Returns:A response from the validation service.
Return type:YubiResponse
url(token, nonce=None)

Generates the validation URL without sending a request.

Parameters:
  • token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
  • nonce (str) – A nonce string, or None to generate a random one.
Returns:

The URL that we would use to validate the token.
Return type:

str

Protocol Version 1.0

class yubiotp.client.YubiClient10(api_id=1, api_key=None, ssl=False)[source]

Client for the Yubico validation service, version 1.0.

http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV10

Parameters:
  • api_id (int) – Your API id.
  • api_key (bytes) – Your base64-encoded API key.
  • ssl (bool) – True if we should use https URLs by default.
base_url[source]

The base URL of the validation service. Set this if you want to use a custom validation service. Defaults to 'http[s]://api.yubico.com/wsapi/verify'.

verify(token)[source]

Verify a single Yubikey OTP against the validation service.

Parameters:token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey device.
Returns:A response from the validation service.
Return type:YubiResponse
url(token, nonce=None)[source]

Generates the validation URL without sending a request.

Parameters:
  • token (str) – A modhex-encoded YubiKey OTP, as generated by a YubiKey.
  • nonce (str) – A nonce string, or None to generate a random one.
Returns:

The URL that we would use to validate the token.
Return type:

str

Response

class yubiotp.client.YubiResponse(raw, api_key, token, nonce)[source]

A response from the Yubico validation service.

fields

A dictionary of the response fields (excluding ‘h’).

is_ok()[source]

Returns true if all validation checks pass and the status is ‘OK’.

Return type:bool
status()[source]

If the response is valid, this returns the value of the status field. Otherwise, it returns the special status 'BAD_RESPONSE'

is_valid(strict=True)[source]

Performs all validity checks (signature, token, and nonce).

Parameters:strict (bool) – If True, all validity checks must pass unambiguously. Otherwise, this only requires that no validity check fails.
Returns:True if none of the validity checks fail.
Return type:bool
is_signature_valid()[source]

Validates the response signature.

Returns:True if the signature is valid or if we did not sign the request. False if the signature is invalid.
Return type:bool
is_token_valid()[source]

Validates the otp token sent in the response.

Returns:True if the token in the response is the same as the one in the request; False if not; None if the response does not contain a token.
Return type:bool for a positive result or None for an ambiguous result.
is_nonce_valid()[source]

Validates the nonce value sent in the response.

Returns:True if the nonce in the response matches the one we sent (or didn’t send). False if the two do not match. None if we sent a nonce and did not receive one in the response: this is often true of error responses.
Return type:bool for a positive result or None for an ambiguous result.
public_id[source]

Returns the public id of the response token as a modhex string.

Return type:str or None.

Table Of Contents

Previous topic

OTP API

Next topic

YubiOTP Utilities

This Page

Navigation

© Copyright 2012, Peter Sagerson. Created using Sphinx 1.1.3.