{
    "info": {
        "author": "Dave Hall",
        "author_email": "dave@etianen.com",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 5 - Production/Stable",
            "Environment :: Web Environment",
            "Framework :: Django",
            "Intended Audience :: Developers",
            "License :: OSI Approved :: BSD License",
            "Operating System :: OS Independent",
            "Programming Language :: Python"
        ],
        "description": "django-access-tokens\n====================\n\n**django-access-tokens** is a Django app for generating secure scoped access tokens.\n\n\nFeatures\n--------\n\n- Generate secure access tokens that grant permissions at the level of model instances,\n  models, apps, or globally.\n- Expire access tokens after a given age.\n- Generate more compact access tokens by including ``'django.contrib.auth'``\n  and ``'django.contrib.contenttypes'`` in your project.\n\n\nInstallation\n------------\n\n1. Checkout the latest django-access-tokens release and copy or symlink the\n   ``access_tokens`` directory into your ``PYTHONPATH``.  If using pip, run \n   ``pip install django-access-tokens``.\n2. Add ``'access_tokens'`` to your ``INSTALLED_APPS`` setting.\n3. Optionally, ad ``'django.contrib.auth'`` and ``'django.contrib.contenttypes'`` for more\n   compact access tokens.\n\n\nGenerating tokens\n-----------------\n\nTokens can be generated as follows:\n\n``tokens.generate(scope=(), key=None, salt=None)``\n\nSome examples of token generation:\n\n::\n    \n    from access_tokens import scope, tokens\n\n    # Generate an access token granting change permission on a given model instance.\n    change_instance_token = tokens.generate(\n        scope.access_obj(your_instance, \"your_app.change_your_model\"),\n    )\n\n    # Generate an access token granting add permission on a given model.\n    change_model_token = tokens.generate(\n        scope.access_model(YourModel, \"your_app.add_your_model\"),\n    )\n\n    # Generate an access token for a custom 'publish' permission on a given app.\n    publish_app_token = tokens.generate(\n        scope.access_app(\"your_app\", \"publish\"),\n    )\n\n    # Generate an access token for a custom 'moderate' permission globally.\n    publish_app_token = tokens.generate(\n        scope.access_all(\"moderate\"),\n    )\n\n    # Generate a complex token that grants a number of permissions.\n    kitchen_sink_token = tokens.generate(\n        scope.access_obj(your_instance, \"read\", \"write\") +\n        scope.access_all(\"publish\", \"moderate\")\n    )\n\nSome things to bear in mind when generating tokens:\n\n- You can combine multiple ``scope.access_*`` invocations using the addition ``+`` operator.\n- Permissions are specified as strings, and you can name as many permissions as you want\n  in a given ``scope.access_*`` invocation.\n- Permission names don't have to match permissions defined by ``'django.contrib.auth'``. If they\n  do match, then the generated access token will be smaller.\n- If you don't name any permissions in a ``scope.access_*`` call, then the returned scope is effectively\n  worthless, as it grants no permissions.\n\n\nValidating tokens\n-----------------\n\nTokens can be validated as follows:\n\n``tokens.validate(token, scope=(), key=None, salt=None, max_age=None)``\n\nSome examples of token validation:\n\n::\n    \n    from access_tokens import scope, tokens\n\n    # See if the given token grants 'publish' permission on the given app.\n    tokens.validate(\n        some_token,\n        scope.access_app(\"your_app\", \"publish\"),\n    )\n\n    # Test the above token again, but only allow tokens generated in the last five minutes.\n    tokens.validate(\n        some_token,\n        scope.access_app(\"your_app\", \"publish\"),\n        max_age = 60 * 5,\n    )\n\n\nSome things to bear in mind when validating tokens:\n\n- A token is considered valid if it grants a superset of the permissions specified in\n  the comparison scope.\n- Tokens, by default, never expire, but you can force an expiry by passing a ``max_age`` argument\n  to ``tokens.validate``.\n- Token validation should only raise an exception if the code used to generate it was faulty.\n  A bad signature on an access token, or an expired ``max_age``, will not raise an exception, but\n  will instead simply fail validation and return ``False``.\n\n\nSecurity\n--------\n\ndjango-access-tokens generates access tokens by serializing a representation of the granted permissions\nand then signing it using ``django.core.signing``. As such, it uses the latest cryptographic techniques\ndeveloped by the core Django team, and will stay up-to-date as you upgrade Django.\n\nIn order for django-access-tokens to work, it is important that you keep the secret key used\nto generate the tokens a secret. By default, tokens are generated using ``settings.SECRET_KEY``. If you\never believe that your secret key has been compromised, change it immediately. Changing your secret\nkey will also immediately invalidate all access tokens generated from it.\n\n\nMore information\n----------------\n\nThe django-access-tokens project was developed at `Mohawk <http://www.mohawkhq.com/>`_, and\nis released as Open Source under the MIT license.\n\nYou can get the code from the `django-access-tokens project site <http://github.com/mohawkhq/django-access-tokens>`_.\n\n\nContributors\n------------\n\nThe following people were involved in the development of this project.\n\n- Dave Hall - `Blog <http://blog.etianen.com/>`_ | `GitHub <http://github.com/etianen>`_ | `Twitter <http://twitter.com/etianen>`_ | `Google Profile <http://www.google.com/profiles/david.etianen>`_",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "UNKNOWN",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "http://github.com/mohawkhq/django-access-tokens",
        "keywords": null,
        "license": "BSD",
        "maintainer": null,
        "maintainer_email": null,
        "name": "django-access-tokens",
        "package_url": "https://pypi.org/project/django-access-tokens/",
        "platform": "UNKNOWN",
        "project_url": "https://pypi.org/project/django-access-tokens/",
        "project_urls": {
            "Download": "UNKNOWN",
            "Homepage": "http://github.com/mohawkhq/django-access-tokens"
        },
        "release_url": "https://pypi.org/project/django-access-tokens/0.9.2/",
        "requires_dist": null,
        "requires_python": null,
        "summary": "A Django app for for generating secure scoped access tokens.",
        "version": "0.9.2"
    },
    "last_serial": 912870,
    "releases": {
        "0.9.0": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "d3f9395c59b1ae2353749646aa4659c8",
                    "sha256": "24d960771e88baae1d884cca51747e6765d09eeda816db6d667987e38c13bd86"
                },
                "downloads": -1,
                "filename": "django-access-tokens-0.9.0.tar.gz",
                "has_sig": false,
                "md5_digest": "d3f9395c59b1ae2353749646aa4659c8",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 7355,
                "upload_time": "2013-08-14T09:43:50",
                "url": "https://files.pythonhosted.org/packages/26/a4/727ecc40aa21216c5f060ae68f55a79d5debc0f8b2b5e20f01e3e7754a79/django-access-tokens-0.9.0.tar.gz"
            }
        ],
        "0.9.1": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "13de7dca99cfad21c7c7f5b83ec36d1f",
                    "sha256": "2e87a184db741c5f11e547cad9b87843152964c578bcedf9d1ffac9b5c70754b"
                },
                "downloads": -1,
                "filename": "django-access-tokens-0.9.1.tar.gz",
                "has_sig": false,
                "md5_digest": "13de7dca99cfad21c7c7f5b83ec36d1f",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 7305,
                "upload_time": "2013-10-01T16:06:36",
                "url": "https://files.pythonhosted.org/packages/b9/a1/a798ab8f135a722739b26ad22c764b490dac68f918bdae6b06489d67fee3/django-access-tokens-0.9.1.tar.gz"
            }
        ],
        "0.9.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "49fdca8347ea5660e703a76591f533b2",
                    "sha256": "e69c65b624fa15097c3e738a0886b1baaad0f84fc51fd8b617ba7773355253f6"
                },
                "downloads": -1,
                "filename": "django-access-tokens-0.9.2.tar.gz",
                "has_sig": false,
                "md5_digest": "49fdca8347ea5660e703a76591f533b2",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 7779,
                "upload_time": "2013-11-06T17:38:54",
                "url": "https://files.pythonhosted.org/packages/08/85/121b34a23eee5b1cfae044914ec51a0bc88619b1f55ebca8512c99976d59/django-access-tokens-0.9.2.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "49fdca8347ea5660e703a76591f533b2",
                "sha256": "e69c65b624fa15097c3e738a0886b1baaad0f84fc51fd8b617ba7773355253f6"
            },
            "downloads": -1,
            "filename": "django-access-tokens-0.9.2.tar.gz",
            "has_sig": false,
            "md5_digest": "49fdca8347ea5660e703a76591f533b2",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 7779,
            "upload_time": "2013-11-06T17:38:54",
            "url": "https://files.pythonhosted.org/packages/08/85/121b34a23eee5b1cfae044914ec51a0bc88619b1f55ebca8512c99976d59/django-access-tokens-0.9.2.tar.gz"
        }
    ]
}