Authenticated and encrypted API tokens using modern crypto.
Branca is a secure, easy-to-use token format which makes it hard to shoot yourself in the foot. It uses IETF XChaCha20-Poly1305 AEAD symmetric encryption to create encrypted and tamperproof tokens. The payload itself is an arbitrary sequence of bytes. You can use, for example, a JSON object, a plain text string, or even binary data serialized by MessagePack or Protocol Buffers.
Although not a design goal, it is possible to use Branca as an alternative to JWT.
Install the library using pip. Note that you must also have libsodium installed.
$ brew install libsodium
$ pip install pybranca
The payload of the token can be anything, like a simple string.
import secrets
from branca import Branca
key = secrets.token_bytes(32)
branca = Branca(key)
token = branca.encode("Hello world!")
payload = branca.decode(token)
print(token)
print(payload)
# 87xqn4ACMhqDZvoNuO0pXykuDlCwRz4Vg7LS3klfHpTiOUw1ramOqfWoaA6bvsGwOQ49MDFOERU0T
# b'Hello world!'
For more complicated data structures, JSON is a common choice.
import json
import secrets
from branca import Branca
key = secrets.token_bytes(32)
branca = Branca(key)
string = json.dumps({"scope" : ["read", "write", "delete"]})
token = branca.encode(string)
payload = branca.decode(token)
print(token)
print(payload)
print(json.loads(payload))
# 6AlLJaBIFpXbwKTFsI3xXsk4se8YsdEKOtxYwtYDQHpoqabwZzmxAUS99BLxBJpmfJqnJ9VvzJYO1FXfsX78d0YsvTe43opYbUPgUao0EGV5qBli
# b'{"scope": ["read", "write", "delete"]}'
# {'scope': ['read', 'write', 'delete']}
By using MessagePack you can have more compact tokens.
import msgpack
import secrets
from branca import Branca
key = secrets.token_bytes(32)
branca = Branca(key)
packed = msgpack.dumps({"scope" : ["read", "write", "delete"]})
token = branca.encode(packed)
payload = branca.decode(token)
print(token)
print(payload)
print(msgpack.loads(payload, raw=False))
# 3iJOQqw5CWjCRRDnsd7Jh4dfsyf7a4qbuEO0uT8MBEvnMVaR8rOW4dFKBVFKKgxZkVlNchGJSIgPdHtHIM4rF4mZYsriTE37
# b'\x81\xa5scope\x93\xa4read\xa5write\xa6delete'
# {'scope': ['read', 'write', 'delete']}
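Only the payload of a token is encrypted. The header is authenticated but readable without the key, so anyone holding a token can see when it was issued and how long the payload is. The following is an added example, not part of pybranca: a standard-library-only inspector that assumes the layout given in the Branca specification (version byte 0xBA, 4-byte big-endian timestamp, 24-byte nonce, ciphertext, 16-byte Poly1305 tag, all base62 encoded). The names inspect_token, TokenInfo and SAMPLE are hypothetical.

```python
import struct
from datetime import datetime, timezone
from typing import NamedTuple

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
VERSION = 0xBA                         # Branca version byte
HEADER_LEN, TAG_LEN = 1 + 4 + 24, 16   # version + timestamp + nonce; Poly1305 tag

class TokenInfo(NamedTuple):
    version: int
    issued_at: datetime
    nonce: bytes
    ciphertext_len: int                # equals the plaintext payload length

def b62decode(text: str) -> bytes:
    """Decode base62 (big-endian integer, alphabet 0-9A-Za-z)."""
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base62 character {ch!r}")
        n = n * 62 + idx
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def b62encode(raw: bytes) -> str:
    """Inverse of b62decode; used here only to build the constructed sample."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 62)
        out = ALPHABET[rem] + out
    return out or "0"

def inspect_token(token: str) -> TokenInfo:
    """Parse the unencrypted header. This does NOT authenticate the token."""
    raw = b62decode(token)
    if len(raw) < HEADER_LEN + TAG_LEN:
        raise ValueError("too short to be a Branca token")
    version, ts = struct.unpack(">BI", raw[:5])
    if version != VERSION:
        raise ValueError(f"unexpected version byte 0x{version:02x}")
    return TokenInfo(version, datetime.fromtimestamp(ts, timezone.utc),
                     raw[5:HEADER_LEN], len(raw) - HEADER_LEN - TAG_LEN)

# Constructed sample: correct layout, dummy nonce/ciphertext/tag (will not decrypt).
SAMPLE = b62encode(bytes([VERSION]) + struct.pack(">I", 123206400)
                   + bytes(range(24)) + b"\x00" * 12 + b"\xff" * 16)
```

Run on the first token printed above, inspect_token reports version 0xBA and a 12-byte ciphertext, the length of "Hello world!". Treat these fields as untrusted until branca.decode has verified the token with the key.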
The MIT License (MIT). Please see License File for more information.