[Python-ideas] PEP 506 (secrets module) and token functions

Nick Coghlan ncoghlan at gmail.com
Sun Sep 27 15:30:04 CEST 2015

On 26 September 2015 at 23:56, Serhiy Storchaka <storchaka at gmail.com> wrote:
> On 26.09.15 16:07, Steven D'Aprano wrote:
>> Question one:
>> - token_bytes obviously should return bytes. What should the others
>>    return, bytes or str?
> Why don't left conversion to the user? You can provide simple receipts in
> the documentation.
> def token_hex(nbytes):
>     return token_bytes(nbytes).hex()
> def token_url(nbytes):
>     return base64.urlsafe_b64encode(token_bytes(nbytes)).rstrip(b'=')
> We don't know what functions are needed by users. After the secrets module
> is widely used, we could gather the statistics of most popular patterns and
> add some of them in the stdlib.

We already have those patterns based on what web frameworks use - the
hex token generator pattern is taken from Pyramid's token generator,
while the base64 one is inspired by Django's (the latter actually uses
the "choosing from an alphabet" implementation style, but the proposed
base64 approach makes the same general trade-off of encoding more bits
of entropy per character to make the overall output shorter).


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-ideas mailing list