Skip to main content

JSON Web Token implementation in Python

Project description

A Python implementation of [JSON Web Token draft 01](http://self-issued.info/docs/draft-jones-json-web-token-01.html).

This is Mozilla’s fork of [PyJWT](http://pypi.python.org/pypi/PyJWT) which adds RSA algorithms, fixes some timing attacks, and makes a few other adjustments. It is used in projects such as [webpay](https://github.com/mozilla/webpay).

Installing

Install the module with [pip](http://www.pip-installer.org/) or something similar:

pip install PyJWT-mozilla

This install step will also install/compile [M2Crypto](http://pypi.python.org/pypi/M2Crypto) so you will need swig for this. You can get it with a package manager like:

brew install swig

Alternatively you can probably find a binary package for M2Crypto with something like this:

sudo apt-get install python-m2crypto

Usage

import jwt jwt.encode({“some”: “payload”}, “secret”)

Note the resulting JWT will not be encrypted, but verifiable with a secret key.

jwt.decode(“someJWTstring”, “secret”)

If the secret is wrong, it will raise a jwt.DecodeError telling you as such. You can still get at the payload by setting the verify argument to false.

jwt.decode(“someJWTstring”, verify=False)

Algorithms

The JWT spec supports several algorithms for cryptographic signing. This library currently supports:

  • HS256 - HMAC using SHA-256 hash algorithm (default)
  • HS384 - HMAC using SHA-384 hash algorithm
  • HS512 - HMAC using SHA-512 hash algorithm
  • RS256 - RSA using SHA-256 hash algorithm
  • RS384 - RSA using SHA-384 hash algorithm
  • RS512 - RSA using SHA-584 hash algorithm

Change the algorithm with by setting it in encode:

jwt.encode({“some”: “payload”}, “secret”, “HS512”)

Tests

Install the project in a [virtualenv](http://pypi.python.org/pypi/virtualenv) (or wherever) by typing this from the root:

python setup.py develop

Run the tests like this:

python tests/test_jwt.py

License

MIT

Project details


Release history Release notifications

This version
History Node

0.1.5

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
PyJWT-mozilla-0.1.5.tar.gz (5.4 kB) Copy SHA256 hash SHA256 Source None Mar 27, 2015

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page