Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Generating UUID for API tokens in Python

I'm currently generating UUIDs in Python as follows:

import uuid
import secrets

uuid.UUID(bytes=secrets.token_bytes(16))

Is this safe to be used as an API token or access token?

like image 478
Jorge Silva Avatar asked Oct 29 '18 00:10

Jorge Silva


People also ask

How do you make a UUID in Python?

UUID 1 to Generate a unique ID using MAC AddressThe uuid. uuid1() function is used to generate a UUID from the host ID, sequence number, and the current time. It uses the MAC address of a host as a source of uniqueness. The node and clock_seq are optional arguments.

How do you get unique tokens in Python?

You can use like as mentioned the builtin uuid module. The new secrets module released in 3.6 is also capable of creating unique tokens also. The function below creates a unique token every time it's called.

How do I get an API Token in Python?

To get the API token for a user, an HTTP POST request should be sent to the Token resource. In the post body, username and password are specified in JSON format, and the response body contains a token key with an actual API Token as the value.

Is UUID a Token?

Access Token is used by an application to access API on behalf of a user. The two formats of tokens supported in OTK are UUID (default) and JSON Web Token (JWT).

How to generate UUID and hexadecimal tokens in Python?

To generate hexadecimal tokens, import the secrets package, then use the .token_hex () function, passing the length of the hex string to create as the first argument. To generate a UUID, import the uuid package and use the .uuid4 () function like this:

What is UUID in Python?

UUID, Universal Unique Identifier, is a python library which helps in generating random objects of 128 bits as ids. It provides the uniqueness as it generates ids on the basis of time, Computer hardware (MAC etc.). Advantages of UUID : Can be used as general utility to generate unique random id. Can be used in cryptography and hashing applications.

How to generate random ID’s using UUID in Python?

Generating Random id’s using UUID in Python. 1 bytes : Returns id in form of 16 byte string. 2 int : Returns id in form of 128-bit integer. 3 hex : Returns random id as 32 character hexadecimal string.

How to generate hash IDs using uuid5 in Python?

Generating hash ids using uuid3 () and uuid5 () in Python 1 Syntax. Uuid5 (namespace, string) Uuid5 uses SHA-1 hash value to create the identifier. The namespace can be – NAMESPACE_DNS : Used when name string is fully qualified domain name. 2 Example 3 Output


1 Answers

Two reasons that your current approach is, arguably, a safe and sound one:

  • the probability of generating a duplicate id with 128 bits of entropy is effectively nil. (This is the standard UUID size, which you are using.)
  • secrets is designed specifically with the purpose of generating cryptographically strong random numbers; token_bytes() is really just a call to os.urandom(), which in turn returns random bytes from an OS-specific randomness source.*

A suggestion - uuid.uui4() does basically this same exact thing without the overhead of calling intermediary functions:

# https://github.com/python/cpython/blob/3.5/Lib/uuid.py
def uuid4():
    """Generate a random UUID."""
    return UUID(bytes=os.urandom(16), version=4)

One other suggestion regardless - you can use .hex of the resulting UUID object to get a nice non-hyphenated string.

>>> uuid.uuid4().hex
'22c482ef3cd84c26bb49c0287828428f'

*On Unix, that's /dev/urandom, which collects info from sources like device drivers. I.e. garbled info that is particular to the generating machine but sufficiently random and not identifiable of the host computer itself.

like image 177
Brad Solomon Avatar answered Oct 02 '22 17:10

Brad Solomon