Skip to content

tuupola/pybranca

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits

.github/workflows

.github/workflows

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

branca.py

branca.py

 
 

branca_test.py

branca_test.py

 
 

codecov.yml

codecov.yml

 
 

requirements.txt

requirements.txt

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

xchacha20poly1305.py

xchacha20poly1305.py

 
 

Repository files navigation

Branca Tokens for Python

Authenticated and encrypted API tokens using modern crypto.

Latest Version Software License Build Status Coverage

What?

Branca is a secure easy to use token format which makes it hard to shoot yourself in the foot. It uses IETF XChaCha20-Poly1305 AEAD symmetric encryption to create encrypted and tamperproof tokens. Payload itself is an arbitrary sequence of bytes. You can use for example a JSON object, plain text string or even binary data serialized by MessagePack or Protocol Buffers.

Although not a design goal, it is possible to use Branca as an alternative to JWT.

Install

Install the library using pip. Note that you also must have libsodium installed.

$ brew install libsodium
$ pip install pybranca

Usage

The payload of the token can be anything, like a simple string.

import secrets
from branca import Branca

key = secrets.token_bytes(32)
branca = Branca(key)

token = branca.encode("Hello world!")
payload = branca.decode(token)

print(token)
print(payload)

# 87xqn4ACMhqDZvoNuO0pXykuDlCwRz4Vg7LS3klfHpTiOUw1ramOqfWoaA6bvsGwOQ49MDFOERU0T
# b'Hello world!'

For more complicated data structures JSON is an usual choice.

import json
import secrets
from branca import Branca

key = secrets.token_bytes(32)
branca = Branca(key)

string = json.dumps({"scope" : ["read", "write", "delete"]})

token = branca.encode(string)
payload = branca.decode(token)

print(token)
print(payload)
print(json.loads(payload))

# 6AlLJaBIFpXbwKTFsI3xXsk4se8YsdEKOtxYwtYDQHpoqabwZzmxAUS99BLxBJpmfJqnJ9VvzJYO1FXfsX78d0YsvTe43opYbUPgUao0EGV5qBli
# b'{"scope": ["read", "write", "delete"]}'
# {'scope': ['read', 'write', 'delete']}

By using MessagePack you can have more compact tokens.

import msgpack
from branca import Branca

key = secrets.token_bytes(32)
branca = Branca(key)

packed = msgpack.dumps({"scope" : ["read", "write", "delete"]})

token = branca.encode(packed)
payload = branca.decode(token)

print(token)
print(payload)
print(msgpack.loads(payload, raw=False))

# 3iJOQqw5CWjCRRDnsd7Jh4dfsyf7a4qbuEO0uT8MBEvnMVaR8rOW4dFKBVFKKgxZkVlNchGJSIgPdHtHIM4rF4mZYsriTE37
# b'\x81\xa5scope\x93\xa4read\xa5write\xa6delete'
# {'scope': ['read', 'write', 'delete']}

License

The MIT License (MIT). Please see License File for more information.

About

Authenticated Encrypted API Tokens for Python.

branca.io/

Resources

Readme

License

MIT license
Activity

Stars

46 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages