Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

A JSON Web Token Middleware for Starlette

Project description


JWT Middleware for the pythonic Starlette API framework


pypi travis codecov

JSON Web Token Middleware for use with Starlette framework.


$ pip install starlette-jwt

Alternatively, install through pipenv.

$ pipenv install starlette-jwt


Register the Middleware with your app.

from starlette.applications import Starlette
from starlette_jwt import JWTAuthenticationBackend
from starlette.middleware.authentication import AuthenticationMiddleware

app = Starlette()
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', prefix='JWT'))

Access the JWT payload in a request, Enforce handlers to be with authentication.

The @authentication_required decorator will enforce the user to be logged in for that route. Meanwhile the @anonymous_allowed will allow anonymous users to hit the route.

The default behavior is @anonymous_allowed so your code be explicit.

from starlette.authentication import requires

def my_handler(request):
async def homepage(request):
    return JSONResponse({'payload': request.session})

Not all handlers must be with authentication

async def homepage(request):
    return JSONResponse({'payload': None})



Store your secret key in this setting while creating the middleware:

app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='MY SECRET KEY'))


Configures the jwt algorithm to use (defaults to "HS256", "RSA256" available):

public_key = b'-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEAC...'
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key=public_key, algorithm='RS256'))

NOTE: In order to make starlette-jwt with the RSA256 Algorithm, you must have the package cryptography>=2.7


Change the Authorization header prefix string (defaults to "JWT"):

# Example: changes the prefix to Bearer
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', prefix='Bearer'))


The user name field in the JWT token payload:

# Example: changes the username field to "user"
app.add_middleware(AuthenticationMiddleware, backend=JWTAuthenticationBackend(secret_key='secret', username_field='user'))


  • Support JWT token standard payload
  • Set JWT options (time expiration for example)


This project uses pipenv to manage its development environment, and pytest as its tests runner. To install development dependencies:

pipenv install --dev

To run tests:

pipenv shell

This project uses Codecov to enforce code coverage on all pull requests. To run tests locally and output a code coverage report, run:

pipenv shell
pytest --cov=starlette_test/

Deploying new version to pypi (Mainteiners)

python3.7 sdist
twine upload --repository-url dist/*


Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for starlette-jwt, version 0.1.6
Filename, size File type Python version Upload date Hashes
Filename, size starlette_jwt-0.1.6.tar.gz (3.8 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page