Skip to main content

JSON Web Token implementation in Python

Project description

PyJWT [![Build Status](https://travis-ci.org/progrium/pyjwt.png?branch=master)](https://travis-ci.org/progrium/pyjwt)
=====
A Python implementation of [JSON Web Token draft 01](http://self-issued.info/docs/draft-jones-json-web-token-01.html).

Installing
----------

sudo easy_install PyJWT

**Note**: The RSASSA-PKCS1-v1_5 algorithms depend on PyCrypto. If you plan on
using any of those algorithms you'll need to install it as well.

sudo easy_install PyCrypto

Usage
-----

import jwt
jwt.encode({"some": "payload"}, "secret")

Note the resulting JWT will not be encrypted, but verifiable with a secret key.

jwt.decode("someJWTstring", "secret")

If the secret is wrong, it will raise a `jwt.DecodeError` telling you as such.
You can still get the payload by setting the `verify` argument to `False`.

jwt.decode("someJWTstring", verify=False)

Algorithms
----------

The JWT spec supports several algorithms for cryptographic signing. This library
currently supports:

* HS256 - HMAC using SHA-256 hash algorithm (default)
* HS384 - HMAC using SHA-384 hash algorithm
* HS512 - HMAC using SHA-512 hash algorithm
* RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash algorithm
* RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash algorithm
* RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash algorithm

Change the algorithm with by setting it in encode:

jwt.encode({"some": "payload"}, "secret", "HS512")

When using the RSASSA-PKCS1-v1_5 algorithms, the `key` argument in both
`jwt.encode()` and `jwt.decode()` (`"secret"` in the examples) is expected to
be an RSA private key as imported with `Crypto.PublicKey.RSA.importKey()`.

Tests
-----

You can run tests from the project root after cloning with:

python tests/test_jwt.py

Support of reserved claim names
-------------------------------

JSON Web Token defines some reserved claim names and defines how they should be
used. PyJWT supports these reserved claim names:

- "exp" (Expiration Time) Claim

Expiration Time Claim
=====================

From [draft 01 of the JWT spec](http://self-issued.info/docs/draft-jones-json-web-token-01.html#ReservedClaimName):

> The exp (expiration time) claim identifies the expiration time on or after
> which the JWT MUST NOT be accepted for processing. The processing of the exp
> claim requires that the current date/time MUST be before the expiration
> date/time listed in the exp claim. Implementers MAY provide for some small
> leeway, usually no more than a few minutes, to account for clock skew. Its
> value MUST be a number containing an IntDate value. Use of this claim is
> OPTIONAL.

You can pass the expiration time as a UTC UNIX timestamp (an int) or as a
datetime, which will be converted into an int. For example:

jwt.encode({"exp": 1371720939}, "secret")

jwt.encode({"exp": datetime.utcnow()}, "secret")

Expiration time is automatically verified in `jwt.decode()` and raises
`jwt.ExpiredSignature` if the expiration time is in the past:

import jwt
try:
jwt.decode('JWT_STRING', "secret")
except jwt.ExpiredSignature:
# Signature has expired

Expiration time will be compared to the current UTC time (as given by
`timegm(datetime.utcnow().utctimetuple())`), so be sure to use a UTC timestamp
or datetime in encoding.

You can turn off expiration time verification with the `verify_expiration` argument.

PyJWT also supports the leeway part of the expiration time definition, which
means you can validate a expiration time which is in the past but not very far.
For example, if you have a JWT payload with a expiration time set to 30 seconds
after creation but you know that sometimes you will process it after 30 seconds,
you can set a leeway of 10 seconds in order to have some margin:

import jwt, time
jwt_payload = jwt.encode({'exp': datetime.utcnow() + datetime.timedelta(seconds=30)}, 'secret')
time.sleep(32)
# Jwt payload is now expired
# But with some leeway, it will still validate
jwt.decode(jwt_payload, 'secret', leeway=10)


License
-------

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyJWT-0.2.0.tar.gz (6.2 kB view details)

Uploaded Source

Built Distributions

PyJWT-0.2.0-py3.3.egg (10.0 kB view details)

Uploaded Egg

PyJWT-0.2.0-py2.7.egg (9.9 kB view details)

Uploaded Egg

PyJWT-0.2.0-py2.6.egg (9.9 kB view details)

Uploaded Egg

File details

Details for the file PyJWT-0.2.0.tar.gz.

File metadata

  • Download URL: PyJWT-0.2.0.tar.gz
  • Upload date:
  • Size: 6.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for PyJWT-0.2.0.tar.gz
Algorithm Hash digest
SHA256 20dc8badec27be5d18328800923eaffc81186734a393fe94c29eac2c9bdf5633
MD5 eafb5c5b0c01d11c13f70382250c3e36
BLAKE2b-256 7d390f2e0b71101ac3d38c13918635de1328e2dc6db1cd63394a87c3b9e243e2

See more details on using hashes here.

File details

Details for the file PyJWT-0.2.0-py3.3.egg.

File metadata

  • Download URL: PyJWT-0.2.0-py3.3.egg
  • Upload date:
  • Size: 10.0 kB
  • Tags: Egg
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for PyJWT-0.2.0-py3.3.egg
Algorithm Hash digest
SHA256 2a8a3fe95004ba9e07b3523fd36ca08cc4188d9ec2b8953d90774ac77aefe902
MD5 dc0ce1be49d691d90ad037451887ece5
BLAKE2b-256 24c8616ba0e2559cc997930e3137aa82cb17d5cc7a3bdc1cc25e87c867ead21c

See more details on using hashes here.

File details

Details for the file PyJWT-0.2.0-py2.7.egg.

File metadata

  • Download URL: PyJWT-0.2.0-py2.7.egg
  • Upload date:
  • Size: 9.9 kB
  • Tags: Egg
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for PyJWT-0.2.0-py2.7.egg
Algorithm Hash digest
SHA256 abe2a7fd136ed40d8bd18e907802ae9477e6be3f94d73664bab99bf6bb290d72
MD5 42ed94275eb1d8a2f91333ac77f9adb2
BLAKE2b-256 2aeadc64a0e03186604ff7dd6d439865717db5335c1bc2de123821896272c0ec

See more details on using hashes here.

File details

Details for the file PyJWT-0.2.0-py2.6.egg.

File metadata

  • Download URL: PyJWT-0.2.0-py2.6.egg
  • Upload date:
  • Size: 9.9 kB
  • Tags: Egg
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for PyJWT-0.2.0-py2.6.egg
Algorithm Hash digest
SHA256 4d18c53a41e2411b74c76729f0d4661744f49646ef7d2dbc0cae2dcbe63ddd0f
MD5 e536673474316c0848c5f7cb7c204b4c
BLAKE2b-256 17f9e0195c533ccd5c061dcf77d40ab3196ed0382d6dbe5332370136e3abdc49

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page