A super simple JWT library for Python
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
A modern implementation of JSON Web Token (JWT) for Python.
With powerful Pydantic validation features.
Overview & Installation
SuperJWT is a minimalist JWT library for Python 3.10+ that combines the simplicity of JWT encoding/decoding with the power of Pydantic validation. It supports JWS (JSON Web Signature) format, HMAC and asymmetric algorithms (RSA, ECDSA, EdDSA). SuperJWT includes advanced features like enhanced time integrity checks, compact token inspection, custom timestamp serialization, detached payload mode, time spoofing and more.
Key Features:
- 🔐 Secure by default - JWS signature algorithm required.
- 🪶 Minimalist - Clean, modern code with minimal dependencies.
- ✔️ JWT validation - Easy claims validation with Pydantic models.
- 🏷️ Type hints - IDE autocompletion with your JWT claims or JOSE headers.
Install via pip:
pip install superjwt
Usage
SuperJWT makes it easy to encode and decode JWT tokens with automatic validation and serialization. Here are the fundamental operations:
Basic Usage 🐣
Encode manually your claims from a dict. During decoding, validate your JWT content against a standard JWT claims Pydantic model.
from superjwt import Alg, JWTClaims, encode, decode
secret_key = "your-secret-key-of-len-32-bytes!"
compact: bytes = encode({"iss": "my-app", "sub": "John Doe"}, secret_key, Alg.HS256)
print(compact)
#> b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
# .eyJpc3MiOiJteS1hcHAiLCJzdWIiOiJKb2huIERvZSJ9
# .HwnUqTLFAMzNkMrokd0aI7c-zSJJpSVXMrYIhUyWe4s'
decoded: JWTClaims = decode(compact, secret_key, Alg.HS256)
print(decoded.to_dict())
#> {'iss': 'my-app', 'sub': 'John Doe'}
print(decoded.sub)
#> 'John Doe'
Define dynamically your claims with Pydantic and easily include 'iat' (Issued At) and 'exp' (Expiration).
Validate your JWT content automatically during encoding and decoding.
from superjwt import Alg, JWTClaims, encode, decode
secret_key = "your-secret-key-of-len-32-bytes!"
claims = (
JWTClaims(iss="my-app", sub="John Doe")
.with_issued_at()
.with_expiration(minutes=15)
)
compact: bytes = encode(claims, secret_key, Alg.HS256)
decoded: JWTClaims = decode(compact, secret_key, Alg.HS256)
print(decoded.to_dict())
#> {'iss': 'my-app', 'sub': 'John Doe', 'iat': 1767027483, 'exp': 1767028383}
print(decoded.exp)
#> 1767028383
Custom Claims and Validation
Redefine standard claims or define new custom ones. Validate automatically during encoding and decoding.
from typing import Annotated
from uuid import UUID
from pydantic import AfterValidator, Field
from superjwt import Alg, JWTClaims, Validation, decode, encode
from superjwt.exceptions import ClaimsValidationError
secret_key = "your-secret-key-of-len-32-bytes!"
class MyJWTClaims(JWTClaims):
# redefine 'sub' as required integer
sub: int = Field(default=...)
# new custom claim: 'user_id' is required and must be a valid UUIDv4 string
user_id: Annotated[str, AfterValidator(lambda x: str(UUID(x, version=4)))]
# Example - Validation PASSING
claims = (
MyJWTClaims(sub=123, user_id="b2a4c791-2cf4-4e41-9a20-8532129ff47c")
.with_expiration(minutes=15)
)
compact = encode(claims, secret_key, Alg.HS256)
decoded: MyJWTClaims = decode(compact, secret_key, Alg.HS256, validation=MyJWTClaims)
print(decoded.to_dict())
#> {'sub': 123, 'exp': 1767027591, 'user_id': 'b2a4c791-2cf4-4e41-9a20-8532129ff47c'}
# Example - Validation FAILING
# create an invalid pydantic claims
invalid_claims = (
MyJWTClaims.model_construct(**{"sub": "John Doe", "user_id": "invalid-uuid-string"})
.with_issued_at()
.with_expiration(minutes=10)
)
# disable claims validation to create an "invalid" compact token
invalid_compact = encode(
invalid_claims, secret_key, Alg.HS256, validation=Validation.DISABLE
)
try:
decode(invalid_compact, secret_key, Alg.HS256, validation=MyJWTClaims)
except ClaimsValidationError as e:
print("Claims validation error:", e)
#> Claims validation error: Claims validation failed
# claim ('sub',) = John Doe -> validation failed (int_parsing):
# Input should be a valid integer, unable to parse string as an integer
# claim ('user_id',) = invalid-uuid-string -> validation failed (value_error):
# Value error, badly formed hexadecimal UUID string
Compact Token Inspection
[!CAUTION] When using
inspect(), the JWT is not verified! Never trust the data until it is verified bydecode().
from superjwt import JWSToken, inspect
compact = (
b"eyJhbGciOiJOb05lIiwidHlwIjoiSldUIn0"
b"."
b"eyJjYW5fSV90cnVzdF95b3UiOiJubyJ9"
b"."
b"BsUynvYTk4w4_TCS39qAUoovSmS7hJxG4fahZGK9RrY"
)
token: JWSToken = inspect(compact)
print(token.payload)
#> {'can_I_trust_you': 'no'}
print(token.headers)
#> {'alg': 'NoNe', 'typ': 'JWT'}
Test
-
Clone repository
-
Install dependencies
pip install -e .[asymmetric] --group test
-
Run tests
pytest
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file superjwt-0.7.0.tar.gz.
File metadata
- Download URL: superjwt-0.7.0.tar.gz
- Upload date:
- Size: 56.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1c2ad84f06f507b502f405b96f682f1809fb2c6ada488b8583c2ed2033eded94
|
|
| MD5 |
b6dc038f5fc705f250888adae40f0161
|
|
| BLAKE2b-256 |
24c16fc68bab0fc10471e439902a6d198af392d7c0353a8cda32c3c38a744777
|
Provenance
The following attestation bundles were made for superjwt-0.7.0.tar.gz:
Publisher:
pypi.yml on ixunio/superjwt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
superjwt-0.7.0.tar.gz -
Subject digest:
1c2ad84f06f507b502f405b96f682f1809fb2c6ada488b8583c2ed2033eded94 - Sigstore transparency entry: 833836296
- Sigstore integration time:
-
Permalink:
ixunio/superjwt@1c5dc25563e1cb7a1af2e2b0b0b90eced7853605 -
Branch / Tag:
refs/tags/v0.7.0 - Owner: https://github.com/ixunio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@1c5dc25563e1cb7a1af2e2b0b0b90eced7853605 -
Trigger Event:
release
-
Statement type:
File details
Details for the file superjwt-0.7.0-py3-none-any.whl.
File metadata
- Download URL: superjwt-0.7.0-py3-none-any.whl
- Upload date:
- Size: 26.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b68b77e2074d26a56508fd418b2fd4c35235ab21f9f546da8ac2038177c0b467
|
|
| MD5 |
86ad603ead1fa35b16a8a7b88e5f024b
|
|
| BLAKE2b-256 |
6eee229022d585a1552b33c90a10fbbaf5319a72ca2987c54da022daf1fc1f44
|
Provenance
The following attestation bundles were made for superjwt-0.7.0-py3-none-any.whl:
Publisher:
pypi.yml on ixunio/superjwt
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
superjwt-0.7.0-py3-none-any.whl -
Subject digest:
b68b77e2074d26a56508fd418b2fd4c35235ab21f9f546da8ac2038177c0b467 - Sigstore transparency entry: 833836298
- Sigstore integration time:
-
Permalink:
ixunio/superjwt@1c5dc25563e1cb7a1af2e2b0b0b90eced7853605 -
Branch / Tag:
refs/tags/v0.7.0 - Owner: https://github.com/ixunio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi.yml@1c5dc25563e1cb7a1af2e2b0b0b90eced7853605 -
Trigger Event:
release
-
Statement type:
