Module for generating and verifying JSON Web Tokens

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for davedoesdev from gravatar.com davedoesdev

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT
  • Author: David Halls
  • Requires: Python >=3.6
Classifiers
Report project as malware

Project description

python-jwt   Build Status Coverage Status PyPI version

Module for generating and verifying JSON Web Tokens.

All versions of python-jwt are now DEPRECATED. I don't have the time to maintain this module.

  • Note: Versions 3.3.4 and later fix a vulnerability (CVE-2022-39227) in JSON Web Token verification which lets an attacker with a valid token re-use its signature with modified claims. CVE to follow. Please upgrade!
  • Note: From version 2.0.1 the namespace has changed from jwt to python_jwt, in order to avoid conflict with PyJWT.
  • Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
  • Uses jwcrypto to do the heavy lifting.
  • Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
  • Unit tests, including tests for interoperability with jose.
  • Supports Python 3.6+. Note: generate_jwt returns the token as a Unicode string.

Example:

import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]

The API is described here.

Installation

pip install python_jwt

Another Example

You can read and write keys from and to PEM-format strings:

import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]

Licence

MIT

Tests

make test

Lint

make lint

Code Coverage

make coverage

coverage.py results are available here.

Coveralls page is here.

Benchmarks

make bench

Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.

Generate Key user (ns) sys (ns) real (ns)
RSA 103,100,000 200,000 103,341,537
Generate Token user (ns) sys (ns) real (ns)
HS256 220,000 0 226,478
HS384 220,000 0 218,233
HS512 230,000 0 225,823
PS256 1,530,000 10,000 1,536,235
PS384 1,550,000 0 1,549,844
PS512 1,520,000 10,000 1,524,844
RS256 1,520,000 10,000 1,524,565
RS384 1,530,000 0 1,528,074
RS512 1,510,000 0 1,526,089
Load Key user (ns) sys (ns) real (ns)
RSA 210,000 3,000 210,791
Verify Token user (ns) sys (ns) real (ns)
HS256 100,000 0 101,478
HS384 100,000 10,000 103,014
HS512 110,000 0 104,323
PS256 230,000 0 231,058
PS384 240,000 0 237,551
PS512 240,000 0 232,450
RS256 230,000 0 227,737
RS384 230,000 0 230,698
RS512 230,000 0 228,624

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for davedoesdev from gravatar.com davedoesdev

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT
  • Author: David Halls
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

This version

4.1.0

4.0.0

3.3.5

3.3.4

3.3.3

3.3.2

3.3.1

3.3.0

3.2.6

3.2.5

3.2.4

3.2.3

3.2.2

3.2.1

3.2.0

3.1.0

3.0.0

2.0.2

2.0.1

2.0.0

1.2.1

1.2.0

1.1.7

1.1.6

1.1.5

1.1.3

1.1.2

1.1.1

1.1.0

1.0.3

1.0.2

1.0.1

1.0.0

0.3.8

0.3.7

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

0.3.1

0.3.0

0.2.1

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

python_jwt-4.1.0.tar.gz (291.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

python_jwt-4.1.0-py2.py3-none-any.whl (7.1 kB view details)

Uploaded Python 2Python 3

File details

Details for the file python_jwt-4.1.0.tar.gz.

File metadata

  • Download URL: python_jwt-4.1.0.tar.gz
  • Upload date:
  • Size: 291.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for python_jwt-4.1.0.tar.gz
Algorithm Hash digest
SHA256 f89af071d9bda4741bc80754bd1cfce73e434a2cbb7855086d8604a10bd3fdc5
MD5 f4c9d7d15d0b95233a9009ccf9664133
BLAKE2b-256 77e6583bac8fa3fbdfd36db587d053a9c4d3692b6d345400d94e278e630b8543

See more details on using hashes here.

File details

Details for the file python_jwt-4.1.0-py2.py3-none-any.whl.

File metadata

  • Download URL: python_jwt-4.1.0-py2.py3-none-any.whl
  • Upload date:
  • Size: 7.1 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for python_jwt-4.1.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 1f4d44b6b9176375489c0374c71f18f27f52524e689174e11dd39a801170c91b
MD5 e2415e1e1b97f27ffa9739cce8ccd2c4
BLAKE2b-256 18b84c404573791c4ead576d9d98f2749d41f3c61ce293cf07f7960232ec9b74

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page