authnzerver.tokens module¶

This module handles generation of various tokens.

authnzerver.tokens.generate_email_token(ip_address: str, user_agent: str, email_address: str, session_token: str, session_cookie_key: bytes) → bytes[source]¶

This generates a token useful for verifying email addresses.

Also used for forgot-password emails.

This encodes the user’s IP address, user agent, email address, and session token into the token generated. The token is encrypted using the Fernet scheme and the session cookie (the key used to sign the frontend’s cookies) to keep things simple.

authnzerver.tokens.verify_email_token(token: bytes, ip_address: str, user_agent: str, session_token: str, email_address: str, session_cookie_key: bytes, match_returned_items: Sequence[T_co] = ('ipa', 'ema'), ttl_seconds: int = 900, reqid: Union[int, str] = None) → bool[source]¶

This verifies the token returned by the user.

By default, it requires that the token be returned no more than 15 minutes after it’s been issued. It also tries to match the specified items in match_returned_items to the current values provided as args:

'ipa' -> ip_address
'usa' -> user_agent
'stk' -> session_token
'ema' -> email_address