Module for generating and verifying JSON Web Tokens
Project description
Module for generating and verifying JSON Web Tokens.
Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you’re using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
Uses python-jws to do the heavy lifting.
Supports **RS256**, **RS384**, **RS512**, **PS256**, **PS384**, **PS512**, **HS256**, **HS384**, **HS512** and **none** signature algorithms.
Unit tests, including tests for interoperability with node-jsjws.
Supports Python 3.4. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
import jwt, Crypto.PublicKey.RSA as RSA, datetime
key = RSA.generate(2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]The API is described here.
Installation
pip install python_jwtAnother Example
You can read and write keys from and to PEM-format strings:
import jwt, Crypto.PublicKey.RSA as RSA, datetime
key = RSA.generate(2048)
priv_pem = key.exportKey()
pub_pem = key.publickey().exportKey()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = RSA.importKey(priv_pem)
pub_key = RSA.importKey(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]Licence
Tests
make testLint
make lintCode Coverage
make coveragecoverage.py results are available here.
Coveralls page is here.
Benchmarks
make benchHere are some results on a laptop with an Intel Core i5-3210M 2.5Ghz CPU and 6Gb RAM running Ubuntu 13.04.
Generate Key |
user (ns) |
sys (ns) |
real (ns) |
|---|---|---|---|
RSA |
152,700,000 |
300,000 |
152,906,095 |
Generate Token |
user (ns) |
sys (ns) |
real (ns) |
|---|---|---|---|
HS256 |
140,000 |
10,000 |
157,202 |
HS384 |
160,000 |
10,000 |
156,403 |
HS512 |
139,999 |
20,000 |
153,212 |
PS256 |
3,159,999 |
49,999 |
3,218,649 |
PS384 |
3,170,000 |
10,000 |
3,176,899 |
PS512 |
3,120,000 |
9,999 |
3,141,219 |
RS256 |
3,070,000 |
20,000 |
3,094,644 |
RS384 |
3,090,000 |
0 |
3,092,471 |
RS512 |
3,079,999 |
20,000 |
3,095,314 |
Load Key |
user (ns) |
sys (ns) |
real (ns) |
|---|---|---|---|
RSA |
811,000 |
0 |
810,139 |
Verify Token |
user (ns) |
sys (ns) |
real (ns) |
|---|---|---|---|
HS256 |
140,000 |
0 |
129,947 |
HS384 |
130,000 |
0 |
130,161 |
HS512 |
119,999 |
0 |
128,850 |
PS256 |
780,000 |
10,000 |
775,609 |
PS384 |
759,999 |
0 |
752,933 |
PS512 |
739,999 |
0 |
738,118 |
RS256 |
700,000 |
0 |
719,365 |
RS384 |
719,999 |
0 |
721,524 |
RS512 |
730,000 |
0 |
719,706 |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file python_jwt-1.2.0.tar.gz.
File metadata
- Download URL: python_jwt-1.2.0.tar.gz
- Upload date:
- Size: 195.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d3956c0dcba85b0289f23fac23d3658f6e3c115ca04716655f7bf43a06553737
|
|
| MD5 |
a7b99a6f094946e6d9287823dc90f25f
|
|
| BLAKE2b-256 |
8a3169ac254c514c3b5682de4d2926ca251c90c11165ca0eb50f99ac3a4270ef
|
File details
Details for the file python_jwt-1.2.0-py2.py3-none-any.whl.
File metadata
- Download URL: python_jwt-1.2.0-py2.py3-none-any.whl
- Upload date:
- Size: 25.5 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4459c47ee761b4a3f6ff69e8df921d36a53bce7898b5d10581f52bdce498f8f8
|
|
| MD5 |
7d987becdfb10f21055df1defcc49078
|
|
| BLAKE2b-256 |
7b503bff32eff0e72e40ff59b88c10fffd1284d9124f1aeb8e2a5b9fe4ed01f4
|
