Fernet (symmetrically signed and encrypted) Web Tokens
Python Fernet Web Token
Library to produce and validate signed, encrypted tokens (via Fernet), to make them suitable for carrying confidential state over an unprotected channel.
Intended as a replacement for the JWT series of protocols.
Advantages compared to JWT
- Encryption support, allowing tokens to contain confidential data without exposing it to the user
- Tokens are encoded using a binary format, which is more concise than JSON
- Tokens do not carry (unverified) information about the encryption algorithm used, eliminating an entire class of vulnerabilities
Supported features
- Validity start date: tokens will not be accepted before this date
- Expiration date: tokens will no longer be accepted after this date
- Token type, to distinguish between different classes of token issued using the same shared key
- Token payload can be binary data, a utf8 string, or JSON data, with support for user-extensible formats
Usage example
```python
from datetime import datetime

import fwt

# The key is elided on the page; pass the shared key here
tf = fwt.Authority(key=b'...', token_type='Authentication')
# Create a token containing some JSON data
token = tf.encode({"user_id": 12345})
# Or binary data
token = tf.encode(b"\x00\x00\x00\x00\x00\x0009")
# Create a token with an expiration date (relative or absolute)
token = tf.encode({"user_id": 12345}, expire_after=3600)
token = tf.encode({"user_id": 12345}, expire_at=datetime(2030, 1, 1))
# Decode payload data from a token
data = tf.decode_payload(token)
# Or if extra information is needed
token_info = tf.decode(token)
token_info.payload  # the original data
token_info.token_id  # for example...
```
Token binary format
Token data is encoded using a binary format. All numbers are stored in big-endian order.
The first byte contains a bitmask (four lower bits) to indicate the presence of the optional fields (in order, lsb first), while the upper four bits encode the payload type.
Following are a series of optional fields, as described below.
Optional fields
- Validity start date: unix timestamp as an unsigned 64-bit integer
- Expiration date: unix timestamp as an unsigned 64-bit integer
- Token type: utf8 string, prefixed with an 8-bit integer indicating the encoded length
- Token ID: utf8 string, prefixed with an 8-bit integer indicating the encoded length
- Payload data: if the payload type is not 0, the payload is encoded as a 2-byte number indicating the encoded size, followed by that many bytes
Payload types
- 0: empty
- 1: binary data
- 2: utf8 encoded string
- 3: JSON encoded data
- 4-7: reserved
- 8-15: application specific usage
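The layout above can be read with a strict parser that rejects truncated fields, reserved payload types and trailing bytes. This is an added example, not fwt's own code: `parse_body` and `SAMPLE` are hypothetical names, and it assumes the input is the token body after Fernet decryption, with flag bits 0 to 3 mapping to validity start, expiration, token type and token ID in that order.

```python
import json
import struct

# Constructed sample body: payload type 3 (JSON), flags 0b0110 = expiration + token type
_PAYLOAD = b'{"user_id": 12345}'
SAMPLE = (bytes([0x36]) + struct.pack(">Q", 1893456000)
          + bytes([14]) + b"Authentication"
          + struct.pack(">H", len(_PAYLOAD)) + _PAYLOAD)


def parse_body(data: bytes) -> dict:
    """Strictly parse a token body; any malformed input raises ValueError."""
    pos = 0

    def take(n: int) -> bytes:
        # Bounds-checked read: never slice past the end of the buffer
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated token body")
        pos += n
        return data[pos - n:pos]

    def text() -> str:
        # 8-bit length prefix, then that many bytes of UTF-8.
        # UnicodeDecodeError is a ValueError subclass, so bad UTF-8 also fails closed.
        return take(take(1)[0]).decode("utf-8")

    head = take(1)[0]
    flags, ptype = head & 0x0F, head >> 4
    if 4 <= ptype <= 7:
        raise ValueError("reserved payload type")
    out = {"payload_type": ptype, "not_before": None, "expires": None,
           "token_type": None, "token_id": None, "payload": None}
    if flags & 0x1:
        out["not_before"] = struct.unpack(">Q", take(8))[0]
    if flags & 0x2:
        out["expires"] = struct.unpack(">Q", take(8))[0]
    if flags & 0x4:
        out["token_type"] = text()
    if flags & 0x8:
        out["token_id"] = text()
    if ptype != 0:
        raw = take(struct.unpack(">H", take(2))[0])  # 2-byte big-endian size
        # Types 2 and 3 are decoded; 1 and 8-15 stay as raw bytes
        out["payload"] = (raw.decode("utf-8") if ptype == 2
                          else json.loads(raw) if ptype == 3 else raw)
    if pos != len(data):
        raise ValueError("trailing bytes after payload")
    return out
```

A caller would still compare `not_before`, `expires` and `token_type` against the current time and the expected token class before trusting the payload.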
File details
Details for the file fwt-1.0.0.tar.gz.
File metadata
- Download URL: fwt-1.0.0.tar.gz
- Upload date:
- Size: 6.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7e76286a761d0611cf0ecb6bf88839be537bedc4513bf84f9ab17376910833c6 |
| MD5 | 743c6eb9d697030dc9a40c230d168521 |
| BLAKE2b-256 | 598e114ca9fd261c0989a23ecec79045c5ca13fba4f4669df4092f9e9c9961d4 |
File details
Details for the file fwt-1.0.0-py3-none-any.whl.
File metadata
- Download URL: fwt-1.0.0-py3-none-any.whl
- Upload date:
- Size: 5.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6484f9a26e276e6b34e3f2cd3197b7b11c7486ff4b56206aa3798914cd10d044 |
| MD5 | c94378883b21d87521fab472151235a1 |
| BLAKE2b-256 | 3fa5adc24cd22f442d506413abb928fb0f89f8f042ef67148dabc37f2125b50f |