WSSE authentication implementations for various server backends/clients.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



Authors: Rushy Panchal, Naphat Sanguansin, Adam Libresco, Jérémie Lumbroso.


pywsse is an all-encompassing package to meet various needs for WSSE usage - both as an authentication backend (for various frameworks) and as a plug-and-play authentication mechanism for clients.

The motivation for this package came after dealing with various ambiguities in the WSSE protocol - some servers require specific digest algorithms and base64-encode different parts of the token. By utilizing a single library, you can be assured that there the token is generated and verified in the same way by both client and server.

Frameworks/Package Support

Python versions 2.7, 3.4, 3.5, and 3.6 are supported.

The following backend frameworks are currently supported:

In addition, the following client packages are supported:

Django REST Framework

To utilize the Django REST Framework plugin, install the Django plugin to settings.INSTALLED_APPS:




In addition, add the authentication backend (wsse.server.drf.authentication.WSSEAuthentication) to settings.REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES']:


Alternatively, you can set it for a subset of your views.

Please refer to the Django REST Framework: Authentication Documentation for more information.

Finally, set the NONCE_STORE and NONCE_STORE_ARGS settings for the pywsse package:

import wsse
wsse.settings.NONCE_STORE = ''
wsse.settings.NONCE_STORE_ARGS = []

Make sure to run the migrations after setting the nonce store. Particularly, you must run the migrations for the wsse app:

$ python migrate wsse


The requests plugin is an authentication class that will automatically attach the appropriate header to the request.

To do so, import the wsse.client.requests.auth.WSSEAuth class and attach it to the request:

import requests
from wsse.client.requests.auth import WSSEAuth

response = requests.get('http://localhost:8000/api/',
  auth = WSSEAuth('username', 'password'))

The WSSEAuth class can be reused as it will generate a new token for each request:

import requests
from wsse.client.requests.auth import WSSEAuth

auth = WSSEAuth('username', 'password')

response = requests.get('http://localhost:8000/api/1/', auth = auth)
next_response = requests.get('http://localhost:8000/api/2/', auth = auth)


The coreapi plugin is just a pluggable transport that automatically attaches the appropriate header before sending the request.

To make use of this transport, import the wsse.client.coreapi.transport.WSSEAuthenticatedHTTPTransport class and add it to your list of transports to coreapi.Client:

import coreapi
from wsse.client.coreapi.transport import WSSEAuthenticatedHTTPTransport

wsse_transport = WSSEAuthenticatedHTTPTransport('username', 'password')
client = coreapi.Client(transports = [wsse_transport])

schema = client.get('')

You can also pass in any of the arguments or keyword arguments to coreapi.transports.HTTPTransport after the username and password.


To run the development version of wsse, clone the repository and install the testing requirements in requirements.txt. Then, run the test suite using either tox or detox:

$ git clone
$ cd pywsse
$ virtualenv env
$ source env/bin/activate
$ pip install -r requirements.txt
$ detox
note:detox is a parallel version of tox. It only runs with Python 2.6-2.7 (but it can and will run tests for Python 3.x versions).