JSON Web Token implementation in Python (fork of PyJWT)
Project description
This is a fork of https://github.com/jpadilla/pyjwt by Privex Inc. - allowing us to be able to add our own updates which may not be accepted upstream in jpadilla/pyjwt
Our fork is published as privex-pyjwt while the original is published as PyJWT - the packages are mutually incompatible, as both use the jwt top-level namespace.
Notable feature additions by Privex over the original PyJWT package:
- Version 1.8.0
Added support for EdDSA (Ed25519) JWT signing and verification
A Python implementation of RFC 7519. Original implementation was written by @progrium.
Installing
Install with pip:
pip install privex-pyjwt
Install with pipenv:
pipenv install privex-pyjwt
NOTE:
To sign/verify with RSA and Ed25519 (EdDSA), the cryptography package is required.
To sign/verify with EcDSA, the ecdsa package is required.
Extra packages:
pip install -U 'cryptography>=2.6' ecdsa # or with pipenv pipenv install 'cryptography>=2.6' ecdsa
Sponsor Notice
This fork was created by Privex. Support it’s development by buying a server from us :)
Usage
>>> import jwt
>>> encoded = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256')
>>> print(encoded)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg
>>> jwt.decode(encoded, 'secret', algorithms=['HS256'])
{'some': 'payload'}Using EdDSA / Ed25519
Support for EdDSA / Ed25519 was added as of the Privex fork in Version 1.8.0
Our privex-pyjwt package is compatible with other JWT EdDSA implementations, such as NodeJS’s Jose package. It can sign tokens with Ed25519 keys which can be verified by NodeJS Jose, and verify tokens signed with Ed25519 by NodeJS Jose.
Generating/loading an Ed25519 (EdDSA) key
If you want to be able to easily generate Ed25519, RSA and ECDSA public/private keys from within your Python app, consider using Privex’s Python Helpers which includes a cryptography module designed to make symmetric / asymmetric encryption simple.
Installing Privex Helpers:
# For a minimal install with just the cryptography dependencies # change [full] to [crypto] (though [full] only adds a few small dependencies) pip3 install 'privex-helpers[full]'
You can load/generate an Ed25519 private/public key however you want, but we’re using Privex Helpers ‘s crypto module as an example (and showcase of our library).
The below code uses Privex Helpers to generate an Ed25519 keypair and output the private key to id_ed25519 and the public key to id_ed25519.pub.
If you don’t want to save the keys to a file, you can use ed_priv, ed_pub = KeyManager.generate_keypair('ed25519') instead.
from privex.helpers import KeyManager
ed_priv, ed_pub = KeyManager.output_keypair('id_ed25519', 'id_ed25519.pub', alg='ed25519')
# ed_priv example contents:
# b'-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIBy9N4xfv/9qOiKrxwRKeGfO5ab6lSukKHbuC5vaJ1Mg\n-----END PRIVATE KEY-----\n'
# ed_pub example contents:
# b'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4pK2dePGgctIAsh0H/tmUrLzx2Vc4Ltc8TN9nfuChG'Using privex-pyjwt to encode/decode JWT tokens with EdDSA
Private keys must be in PEM format with PKCS8, while public keys can be in either PEM (PKCS8) format or OpenSSH format (ssh-ed25519 ........ user@host).
Simply use jwt.encode and jwt.decode as normal, pass in your Ed25519 private key for encoding, the private/public key for decoding, and set the algorithm to EdDSA.
import jwt
# Tokens can only encoded with an Ed25519 private key
token = jwt.encode({'hello': 'world'}, ed_priv, algorithm='EdDSA')
# resulting token: b'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJoZWxsbyI6IndvcmxkIn0.HEDJTw1jNaz82WuP3O1l5_i-eaaj3DBEKesPUsInSgKuvbav6XaLORERs7wPrmS14DN_WlzDUCn0LmVGl4VlCg'
# However, tokens can be decoded using EITHER the public key (PEM / OpenSSH) or the private key,
# as we can interpolate the public key from the private key
jwt.decode(token, ed_priv, algorithms=['EdDSA'])
# Output: {'hello': 'world'}Command line
Usage:
pyjwt [options] INPUT
Decoding examples:
pyjwt --key=secret decode TOKEN pyjwt decode --no-verify TOKEN
See more options executing pyjwt --help.
Documentation
View the full docs online at https://pyjwt.readthedocs.io/en/stable/
Tests
You can run tests from the project root after cloning with:
$ toxRelease history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file privex_pyjwt-2.0.0.tar.gz.
File metadata
- Download URL: privex_pyjwt-2.0.0.tar.gz
- Upload date:
- Size: 48.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.53.0 CPython/3.9.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 26c34105fc819fd794742c4951ccee142979ad0afd8bfd811fa1bfd31b948c36 |
|
| MD5 | 249fe2d14de7c82a0a00687c32d2f566 |
|
| BLAKE2b-256 | 602474cc8b7f692ffd15c2505b0b20907ea89a765dc1984207c648f34179cbb2 |
File details
Details for the file privex_pyjwt-2.0.0-py2.py3-none-any.whl.
File metadata
- Download URL: privex_pyjwt-2.0.0-py2.py3-none-any.whl
- Upload date:
- Size: 24.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.53.0 CPython/3.9.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 36c0b052fe09327e2f39542fbbf3445cb2a317209453d74cdb978d73017ad7e2 |
|
| MD5 | 579830482a6173f55b812aa2f864bf5b |
|
| BLAKE2b-256 | 19f523913476932f45ca8b5cdca6884875b8836f2157a820c6ba1fcbc2312e5e |
