Module for generating and verifying JSON Web Tokens
Project description
Module for generating and verifying JSON Web Tokens.
Note: From version 2.0.1 the namespace has changed from jwt to python_jwt, in order to avoid conflict with PyJWT.
Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you’re using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
Uses jwcrypto to do the heavy lifting.
Supports **RS256**, **RS384**, **RS512**, **PS256**, **PS384**, **PS512**, **HS256**, **HS384**, **HS512** and **none** signature algorithms.
Unit tests, including tests for interoperability with node-jsjws.
Supports Python 3.6. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]
Licence
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.
Generate Key |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
RSA |
103,100,000 |
200,000 |
103,341,537 |
Generate Token |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
HS256 |
220,000 |
0 |
226,478 |
HS384 |
220,000 |
0 |
218,233 |
HS512 |
230,000 |
0 |
225,823 |
PS256 |
1,530,000 |
10,000 |
1,536,235 |
PS384 |
1,550,000 |
0 |
1,549,844 |
PS512 |
1,520,000 |
10,000 |
1,524,844 |
RS256 |
1,520,000 |
10,000 |
1,524,565 |
RS384 |
1,530,000 |
0 |
1,528,074 |
RS512 |
1,510,000 |
0 |
1,526,089 |
Load Key |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
RSA |
210,000 |
3,000 |
210,791 |
Verify Token |
user (ns) |
sys (ns) |
real (ns) |
---|---|---|---|
HS256 |
100,000 |
0 |
101,478 |
HS384 |
100,000 |
10,000 |
103,014 |
HS512 |
110,000 |
0 |
104,323 |
PS256 |
230,000 |
0 |
231,058 |
PS384 |
240,000 |
0 |
237,551 |
PS512 |
240,000 |
0 |
232,450 |
RS256 |
230,000 |
0 |
227,737 |
RS384 |
230,000 |
0 |
230,698 |
RS512 |
230,000 |
0 |
228,624 |
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for python_jwt-3.1.0-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2dea836107be86e62c58107bdc49630de50b288d87414919de2bca4f91e2b236 |
|
MD5 | 368bfeac5fed17ac8f7115e03759bbbe |
|
BLAKE2b-256 | 00afa09a11af6cb5514e84b6e41b0702648d1ca3807f402c97e779c14d3a939e |