Module for generating and verifying JSON Web Tokens
Project description
Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification, so please upgrade if you're using this functionality. The API has changed, so you will need to update your application: verify_jwt now requires you to specify which signature algorithms are allowed.
Uses python-jws to do the heavy lifting.
Supports **RS256**, **RS384**, **RS512**, **PS256**, **PS384**, **PS512**, **HS256**, **HS384**, **HS512** and **none** signature algorithms.
Unit tests, including tests for interoperability with node-jsjws.
Supports Python 3.4. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
```python
import jwt, Crypto.PublicKey.RSA as RSA, datetime

key = RSA.generate(2048)
payload = {'foo': 'bar', 'wup': 90}
# Sign with PS256; the token expires after five minutes
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
# Only the algorithms listed here are accepted during verification
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload:
    assert claims[k] == payload[k]
```
The API is described here.
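Why the verifier takes a list of allowed algorithms, as an added example that is not python_jwt's own code: a standard-library, HMAC-only verifier that checks the token's `alg` header against the caller's list before anything else, so a token labelled `none` or `HS512` is rejected when only `HS256` is allowed. The names `sign`, `verify`, `accepted` and the key are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json

HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
KEY = b"constructed-demo-key"  # constructed sample secret, not a real key

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key, alg):
    """Build a compact token; alg 'none' leaves the signature part empty."""
    parts = [b64url(json.dumps(obj).encode()) for obj in ({"typ": "JWT", "alg": alg}, claims)]
    signing_input = ".".join(parts).encode("ascii")
    sig = b"" if alg == "none" else hmac.new(key, signing_input, HASHES[alg]).digest()
    return ".".join(parts + [b64url(sig)])

def verify(token, key, allowed_algs):
    """Return the claims or raise ValueError; the caller's list decides the algorithm."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        alg = json.loads(b64url_decode(header_b64))["alg"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Allowlist check comes first: the header is untrusted input from the token.
    if alg not in allowed_algs:
        raise ValueError("algorithm not allowed: %r" % (alg,))
    if alg == "none":
        if sig_b64:
            raise ValueError("unsigned token carries a signature")
    elif alg in HASHES:
        signing_input = (header_b64 + "." + claims_b64).encode("ascii")
        expected = hmac.new(key, signing_input, HASHES[alg]).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
    else:
        raise ValueError("unsupported algorithm")
    return json.loads(b64url_decode(claims_b64))

def accepted(token, key, allowed_algs):
    """Boolean wrapper around verify() for quick checks."""
    try:
        verify(token, key, allowed_algs)
        return True
    except ValueError:
        return False
```

An unsigned token is accepted only when the caller passes `["none"]` explicitly, which is the same opt-in the allowed-algorithms argument gives callers of verify_jwt.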
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
```python
import jwt, Crypto.PublicKey.RSA as RSA, datetime

key = RSA.generate(2048)
# Export the private and public halves as PEM-format strings
priv_pem = key.exportKey()
pub_pem = key.publickey().exportKey()
payload = {'foo': 'bar', 'wup': 90}
# Load the keys back from their PEM form
priv_key = RSA.importKey(priv_pem)
pub_key = RSA.importKey(pub_pem)
# Sign with the private key, verify with the public key
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload:
    assert claims[k] == payload[k]
```
Licence
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-3210M 2.5Ghz CPU and 6Gb RAM running Ubuntu 13.04.
| Generate Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 152,700,000 | 300,000 | 152,906,095 |

| Generate Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 140,000 | 10,000 | 157,202 |
| HS384 | 160,000 | 10,000 | 156,403 |
| HS512 | 139,999 | 20,000 | 153,212 |
| PS256 | 3,159,999 | 49,999 | 3,218,649 |
| PS384 | 3,170,000 | 10,000 | 3,176,899 |
| PS512 | 3,120,000 | 9,999 | 3,141,219 |
| RS256 | 3,070,000 | 20,000 | 3,094,644 |
| RS384 | 3,090,000 | 0 | 3,092,471 |
| RS512 | 3,079,999 | 20,000 | 3,095,314 |

| Load Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 811,000 | 0 | 810,139 |

| Verify Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 140,000 | 0 | 129,947 |
| HS384 | 130,000 | 0 | 130,161 |
| HS512 | 119,999 | 0 | 128,850 |
| PS256 | 780,000 | 10,000 | 775,609 |
| PS384 | 759,999 | 0 | 752,933 |
| PS512 | 739,999 | 0 | 738,118 |
| RS256 | 700,000 | 0 | 719,365 |
| RS384 | 719,999 | 0 | 721,524 |
| RS512 | 730,000 | 0 | 719,706 |
Hashes for python_jwt-1.1.7-py2.py3-none-any.whl

| Algorithm | Hash digest |
|---|---|
| SHA256 | 1d4b0577699fc6327befcb5132683c3df268b9aaf898f5c673dd47d589cb67bd |
| MD5 | bcaac4226b3771a9a1d33b793a6e863e |
| BLAKE2b-256 | 9abe8994f91583a8461e956cb47dc897bc47db8e29fd725670ca2961bc44da87 |