Skip to main content

JSON Web Token implementation in Python

Project description

A Python implementation of JSON Web Token draft 01.

Installing

$ pip install PyJWT

A Note on Dependencies:

The RSASSA-PKCS1-v1_5 algorithms depend on PyCrypto. If you plan on using any of those algorithms, you’ll need to install it as well.

$ pip install PyCrypto

The Elliptic Curve Digital Signature algorithms depend on Python-ECDSA. If you plan on using any of those algorithms, you’ll need to install it as well.

$ pip install ecdsa

Usage

import jwt
jwt.encode({'some': 'payload'}, 'secret')

Additional headers may also be specified.

jwt.encode({'some': 'payload'}, 'secret', headers={'kid': '230498151c214b788dd97f22b85410a5'})

Note the resulting JWT will not be encrypted, but verifiable with a secret key.

jwt.decode('someJWTstring', 'secret')

If the secret is wrong, it will raise a jwt.DecodeError telling you as such. You can still get the payload by setting the verify argument to False.

jwt.decode('someJWTstring', verify=False)

Algorithms

The JWT spec supports several algorithms for cryptographic signing. This library currently supports:

  • HS256 - HMAC using SHA-256 hash algorithm (default)

  • HS384 - HMAC using SHA-384 hash algorithm

  • HS512 - HMAC using SHA-512 hash algorithm

  • ES256 - ECDSA signature algorithm using SHA-256 hash algorithm

  • ES384 - ECDSA signature algorithm using SHA-384 hash algorithm

  • ES512 - ECDSA signature algorithm using SHA-512 hash algorithm

  • RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash algorithm

  • RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash algorithm

  • RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash algorithm

Change the algorithm with by setting it in encode:

jwt.encode({'some': 'payload'}, 'secret', 'HS512')

When using the RSASSA-PKCS1-v1_5 algorithms, the key argument in both jwt.encode() and jwt.decode() ("secret" in the examples) is expected to be an RSA public or private key as imported with Crypto.PublicKey.RSA.importKey().

When using the ECDSA algorithms, the key argument is expected to be an Elliptic Curve private key as imported with ecdsa.SigningKey.from_pem(), or a public key as imported with ecdsa.VerifyingKey.from_pem().

Tests

You can run tests from the project root after cloning with:

$ python tests/test_jwt.py

Support of reserved claim names

JSON Web Token defines some reserved claim names and defines how they should be used. PyJWT supports these reserved claim names:

  • “exp” (Expiration Time) Claim

  • “nbf” (Not Before Time) Claim

  • “iss” (Issuer) Claim

  • “aud” (Audience) Claim

Expiration Time Claim

From [draft 01 of the JWT spec](http://self-issued.info/docs/draft-jones-json-web-token

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyJWT-0.3.1.tar.gz (8.0 kB view details)

Uploaded Source

Built Distribution

PyJWT-0.3.1-py2.py3-none-any.whl (11.4 kB view details)

Uploaded Python 2Python 3

File details

Details for the file PyJWT-0.3.1.tar.gz.

File metadata

  • Download URL: PyJWT-0.3.1.tar.gz
  • Upload date:
  • Size: 8.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for PyJWT-0.3.1.tar.gz
Algorithm Hash digest
SHA256 8b6c028f91c8e5be44f2c3b94c1d96229e1fa810e73e51ed52cf0c426f7cf332
MD5 2531344c930280b51afe5939cc76835b
BLAKE2b-256 6a7e4c5158be163c888142f150bf3822438dc334549e7cfd990f2ccfc2fb0e3f

See more details on using hashes here.

File details

Details for the file PyJWT-0.3.1-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for PyJWT-0.3.1-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 a88d511f116dab9e7c29578c2174e08594c102781145d481741bb7c4dcc9db9d
MD5 a3019b568ca49cd936af2fff3c277212
BLAKE2b-256 e78974a354c5d669c481b98b055c595e676269809729ded7a0f06a32053165c6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page