Module for generating and verifying JSON Web Tokens
Project description
Module for generating and verifying JSON Web Tokens.
Note: From version 2.0.0 the namespace has changed from jwt to python_jwt, in order to avoid conflict with PyJWT.
Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you’re using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
Uses python-jws to do the heavy lifting.
Supports **RS256**, **RS384**, **RS512**, **PS256**, **PS384**, **PS512**, **HS256**, **HS384**, **HS512** and **none** signature algorithms.
Unit tests, including tests for interoperability with node-jsjws.
Supports Python 3.4. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
import python_jwt as jwt, Crypto.PublicKey.RSA as RSA, datetime
key = RSA.generate(2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import python_jwt as jwt, Crypto.PublicKey.RSA as RSA, datetime
key = RSA.generate(2048)
priv_pem = key.exportKey()
pub_pem = key.publickey().exportKey()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = RSA.importKey(priv_pem)
pub_key = RSA.importKey(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]
Licence
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-3210M 2.5Ghz CPU and 6Gb RAM running Ubuntu 13.04.
Generate Key |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
RSA |
152,700,000 |
300,000 |
152,906,095 |
Generate Token |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
HS256 |
140,000 |
10,000 |
157,202 |
HS384 |
160,000 |
10,000 |
156,403 |
HS512 |
139,999 |
20,000 |
153,212 |
PS256 |
3,159,999 |
49,999 |
3,218,649 |
PS384 |
3,170,000 |
10,000 |
3,176,899 |
PS512 |
3,120,000 |
9,999 |
3,141,219 |
RS256 |
3,070,000 |
20,000 |
3,094,644 |
RS384 |
3,090,000 |
0 |
3,092,471 |
RS512 |
3,079,999 |
20,000 |
3,095,314 |
Load Key |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
RSA |
811,000 |
0 |
810,139 |
Verify Token |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
HS256 |
140,000 |
0 |
129,947 |
HS384 |
130,000 |
0 |
130,161 |
HS512 |
119,999 |
0 |
128,850 |
PS256 |
780,000 |
10,000 |
775,609 |
PS384 |
759,999 |
0 |
752,933 |
PS512 |
739,999 |
0 |
738,118 |
RS256 |
700,000 |
0 |
719,365 |
RS384 |
719,999 |
0 |
721,524 |
RS512 |
730,000 |
0 |
719,706 |
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for python_jwt-2.0.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3c2bbc6d4e491f04e1749428a7584e1cca16d78b69f1a288f19533d224e8369f |
|
MD5 | 18cd44e07c983b43da15d30667401deb |
|
BLAKE2b-256 | d862bf6c53cde867fc31cf395048b24b0a9587b5e0771230d106eb641867f789 |