What is the standard method for generating a nonce in Python?

python authentication oauth nonce
charliesneath picture charliesneath · Apr 8, 2011 · Viewed 26.2k times · Source

Can someone share the best practices for creating a nonce for an OAuth request in Python?

Answer

andruso picture andruso · Oct 30, 2016

For most practical purposes this gives very good nonce:

import uuid
uuid.uuid4().hex
# 'b46290528cd949498ce4cc86ca854173'

uuid4() uses os.urandom() which is best random you can get in python.

Nonce should be used only once and hard to predict. Note that uuid4() is harder to predict than uuid1() whereas later is more globally unique. So you can achieve even more strength by combining them:

uuid.uuid4().hex + uuid.uuid1().hex
# 'a6d68f4d81ec440fb3d5ef6416079305f7a44a0c9e9011e684e2c42c0319303d'

Related questions

Could not deserialize key data on decoding JWT python

I am using pyjwt library for decoding the JWT token. I got this error when I am decoding. The code was given in the documantation. import jwt encoded_jwt='''eyJ0eXAiOiJKV1QiLCJhbG......''' secret=b''''-----BEGIN PUBLIC KEY----- MIIFRjCCBC6gAwIBAgIQCIdSGhpikQCjOIY154XoqzANBgkqhkiG9…

Read More
How to check if a user is logged in (how to properly use user.is_authenticated)?

I am looking over this website but just can't seem to figure out how to do this as it's not working. I need to check if the current site user is logged in (authenticated), and am trying: request.user.is_…

Read More
How to use pip on windows behind an authenticating proxy

My computer is running windows behind a proxy on a windows server (using active directory), and I can't figure out how to get through it with pip (in python3). I have tried using --proxy, but it still just timeouts. I …

Read More