Changes

app_token meta_token = {'email': 'my@email.com', 'someparam': 1324654308.907832}

To avoid information leakage, the token is encrypted and signed using the shared secret and then base64-ed. The encryption is AES-CBC and using the encryption key, the signature is HMAC-SHA1using the signing key:

app_token, signature meta_token = AES-CBC+(meta_token, enc_secret) meta_token, signature = HMAC-SHA1(app_tokenmeta_token, secret_keysig_secret) app_token meta_token = b64encode(app_tokenmeta_token, signature)

'''The metadata token is cryptedencrypted'''