Module Contents
- autobahn.wamp.auth.create_authenticator(name, **kwargs)
Accepts various keys and values to configure an authenticator. The valid keys depend on the kind of authenticator, but all of them understand: authextra, authid and authrole.
- Returns
An instance implementing IAuthenticator with the given configuration.
- class autobahn.wamp.auth.AuthAnonymous(**kw)
Bases: object
- property authextra
- name = anonymous
- class autobahn.wamp.auth.AuthCryptoSign(**kw)
Bases: object
- property authextra
- name = cryptosign
- class autobahn.wamp.auth.AuthScram(**kw)
Bases: object
Implements “wamp-scram” authentication for components.
NOTE: This is a prototype of a draft spec; see https://github.com/wamp-proto/wamp-proto/issues/135
- property authextra
- name = scram
- class autobahn.wamp.auth.AuthWampCra(**kw)
Bases: object
- property authextra
- name = wampcra
- autobahn.wamp.auth.generate_totp_secret(length=10)
Generates a new Base32 encoded, random secret.
See also
- Parameters
length (int) – The length of the entropy used to generate the secret.
- Returns
The generated secret in Base32 (letters A-Z and digits 2-7). The length of the generated secret is length * 8 / 5 octets.
- Return type
unicode
- autobahn.wamp.auth.compute_totp(secret, offset=0)
Computes the current TOTP code.
- Parameters
secret (unicode) – Base32 encoded secret.
offset (int) – Time offset (in steps, use e.g. -1, 0, +1 for compliance with RFC 6238) for which to compute TOTP.
- Returns
TOTP for current time (+/- offset).
- Return type
unicode
- autobahn.wamp.auth.check_totp(secret, ticket)
Check a TOTP value received from a principal trying to authenticate against the expected value computed from the secret shared between the principal and the authenticating entity.
The Internet can be slow, and clocks might not match exactly, so some leniency is allowed. RFC 6238 recommends looking an extra time step in either direction, which essentially opens the window from 30 seconds to 90 seconds.
- Parameters
secret (unicode) – The secret shared between the principal (e.g. a client) that is authenticating, and the authenticating entity (e.g. a server).
ticket (unicode) – The TOTP value to be checked.
- Returns
True if the TOTP value is correct, else False.
- Return type
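The ±1 time-step check described for check_totp, written against the Python standard library as an added example (it is not autobahn's code). The 30-second step, 6-digit HMAC-SHA1 codes, and the names totp_at, check_with_window, now and last_step are assumptions; the function returns the matched step so the caller can refuse a code that was already used inside the 90-second window.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (assumed; matches the 30 s window above)
DIGITS = 6   # code length (assumed, the common RFC 6238 choice)


def totp_at(secret_b32, counter):
    """HOTP value (RFC 4226) for one time-step counter, using HMAC-SHA1."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return "{:0{}d}".format(code % 10 ** DIGITS, DIGITS)


def check_with_window(secret_b32, ticket, now=None, last_step=None):
    """Return the matching time step, or None if the ticket is rejected.

    Steps -1, 0 and +1 around `now` are tried. A step at or before
    `last_step` (the last one accepted for this principal) is refused, so a
    captured code cannot be replayed while it is still inside the window.
    """
    current = int(time.time() if now is None else now) // STEP
    matched = None
    for offset in (-1, 0, 1):
        step = current + offset
        if step < 0:
            continue
        # compare_digest is constant-time; the loop has no early exit
        candidate = totp_at(secret_b32, step).encode("ascii")
        if hmac.compare_digest(candidate, ticket.encode("utf-8")):
            matched = step
    if matched is None or (last_step is not None and matched <= last_step):
        return None
    return matched


# Constructed sample: the RFC 4226 / RFC 6238 test key, Base32 encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")
```

Store the returned step per principal and pass it back as last_step on the next attempt; without that, any accepted code stays valid for the rest of its window.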
- autobahn.wamp.auth.pbkdf2(data, salt, iterations=1000, keylen=32, hashfunc=None)
Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations times and produces a key of keylen bytes. By default SHA-256 is used as hash function; a different hashlib hashfunc can be provided.
- Parameters
data (bytes) – The data for which to compute the PBKDF2 derived key.
salt (bytes) – The salt to use for deriving the key.
iterations (int) – The number of iterations to perform in PBKDF2.
keylen (int) – The length of the cryptographic key to derive.
hashfunc (str) – Name of the hash algorithm to use.
- Returns
The derived cryptographic key.
- Return type
- autobahn.wamp.auth.derive_key(secret, salt, iterations=1000, keylen=32)
Computes a derived cryptographic key from a password according to PBKDF2.
See also
- autobahn.wamp.auth.generate_wcs(length=14)
Generates a new random secret for use with WAMP-CRA.
The secret generated is a random character sequence drawn from upper and lower case Latin letters and digits.
- autobahn.wamp.auth.compute_wcs(key, challenge)
Compute a WAMP-CRA authentication signature from an authentication challenge and a (derived) key.
- autobahn.wamp.auth.derive_scram_credential(email: str, password: str, salt: Optional[bytes] = None) -> Dict
Derive WAMP-SCRAM credentials from user email and password. The SCRAM parameters used are the following (these are also contained in the returned credentials):
- kdf: argon2id-13
- time cost: 4096
- memory cost: 512
- parallelism: 1
See draft-irtf-cfrg-argon2 and argon2-cffi.
- Parameters
email – User email.
password – User password.
salt – Optional salt to use (must be 16 bytes long). If none is given, compute salt from email as salt = SHA256(email)[:16].
- Returns
WAMP-SCRAM credentials. When serialized, the returned credentials can be copy-pasted into the config.json node configuration for a Crossbar.io node.