Module for generating and verifying JSON Web Tokens

These details have not been verified by PyPI

Project links

Homepage

Project description

python-jwt

Module for generating and verifying JSON Web Tokens.

All versions of python-jwt are now DEPRECATED. I don't have the time to maintain this module.

Note: Versions 3.3.4 and later fix a vulnerability (CVE-2022-39227) in JSON Web Token verification which lets an attacker with a valid token re-use its signature with modified claims. CVE to follow. Please upgrade!
Note: From version 2.0.1 the namespace has changed from jwt to python_jwt, in order to avoid conflict with PyJWT.
Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
Uses jwcrypto to do the heavy lifting.
Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
Unit tests, including tests for interoperability with jose.
Supports Python 3.6+. Note: generate_jwt returns the token as a Unicode string.

Example:

import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]

The API is described here.

Installation

pip install python_jwt

Another Example

You can read and write keys from and to PEM-format strings:

import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]

Licence

MIT

Tests

make test

Lint

make lint

Code Coverage

make coverage

coverage.py results are available here.

Coveralls page is here.

Benchmarks

make bench

Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.

Generate Key	user (ns)	sys (ns)	real (ns)
RSA	103,100,000	200,000	103,341,537

Generate Token	user (ns)	sys (ns)	real (ns)
HS256	220,000	0	226,478
HS384	220,000	0	218,233
HS512	230,000	0	225,823
PS256	1,530,000	10,000	1,536,235
PS384	1,550,000	0	1,549,844
PS512	1,520,000	10,000	1,524,844
RS256	1,520,000	10,000	1,524,565
RS384	1,530,000	0	1,528,074
RS512	1,510,000	0	1,526,089

Load Key	user (ns)	sys (ns)	real (ns)
RSA	210,000	3,000	210,791

Verify Token	user (ns)	sys (ns)	real (ns)
HS256	100,000	0	101,478
HS384	100,000	10,000	103,014
HS512	110,000	0	104,323
PS256	230,000	0	231,058
PS384	240,000	0	237,551
PS512	240,000	0	232,450
RS256	230,000	0	227,737
RS384	230,000	0	230,698
RS512	230,000	0	228,624

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

4.1.0

Nov 13, 2023

4.0.0

Sep 27, 2022

3.3.5

Sep 21, 2022

3.3.4

Aug 31, 2022

3.3.3

Jul 3, 2022

3.3.2

Dec 27, 2021

3.3.1

Oct 28, 2021

3.3.0

Aug 24, 2020

3.2.6

Feb 24, 2020

3.2.5

Nov 14, 2019

3.2.4

Nov 9, 2018

3.2.3

Sep 3, 2018

3.2.2

Sep 3, 2018

3.2.1

Sep 3, 2018

3.2.0

Sep 3, 2018

3.1.0

Apr 25, 2018

3.0.0

Oct 21, 2017

2.0.2

Jul 15, 2017

2.0.1

Oct 26, 2016

2.0.0

Oct 26, 2016

1.2.1

Jul 14, 2016

1.2.0

Mar 5, 2016

1.1.7

Jan 25, 2016

1.1.6

Jan 25, 2016

1.1.5

Jan 25, 2016

1.1.3

Jan 25, 2016

1.1.2

Jan 25, 2016

1.1.1

Dec 6, 2015

1.1.0

Nov 25, 2015

1.0.3

Jun 2, 2015

1.0.2

May 13, 2015

1.0.1

May 13, 2015

1.0.0

Mar 12, 2015

0.3.8

Mar 10, 2015

0.3.7

Feb 26, 2015

0.3.6

Feb 26, 2015

0.3.5

Feb 19, 2015

0.3.4

Feb 18, 2015

0.3.3

Aug 22, 2014

0.3.2

Jul 31, 2014

0.3.1

Feb 13, 2014

0.3.0

Jan 28, 2014

0.2.1

Dec 19, 2013

0.2.0

Oct 8, 2013

0.1.0

Oct 4, 2013

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

python_jwt-4.1.0.tar.gz (291.2 kB view details)

Uploaded Nov 13, 2023 Source

Built Distribution

python_jwt-4.1.0-py2.py3-none-any.whl (7.1 kB view details)

Uploaded Nov 13, 2023 Python 2 Python 3

File details

Details for the file python_jwt-4.1.0.tar.gz.

File metadata

Download URL: python_jwt-4.1.0.tar.gz
Upload date: Nov 13, 2023
Size: 291.2 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for python_jwt-4.1.0.tar.gz
Algorithm	Hash digest
SHA256	`f89af071d9bda4741bc80754bd1cfce73e434a2cbb7855086d8604a10bd3fdc5`
MD5	`f4c9d7d15d0b95233a9009ccf9664133`
BLAKE2b-256	`77e6583bac8fa3fbdfd36db587d053a9c4d3692b6d345400d94e278e630b8543`

See more details on using hashes here.

File details

Details for the file python_jwt-4.1.0-py2.py3-none-any.whl.

File metadata

Download URL: python_jwt-4.1.0-py2.py3-none-any.whl
Upload date: Nov 13, 2023
Size: 7.1 kB
Tags: Python 2, Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for python_jwt-4.1.0-py2.py3-none-any.whl
Algorithm	Hash digest
SHA256	`1f4d44b6b9176375489c0374c71f18f27f52524e689174e11dd39a801170c91b`
MD5	`e2415e1e1b97f27ffa9739cce8ccd2c4`
BLAKE2b-256	`18b84c404573791c4ead576d9d98f2749d41f3c61ce293cf07f7960232ec9b74`