This repository was archived by the owner on Nov 13, 2023. It is now read-only.
- Notifications
You must be signed in to change notification settings - Fork30
Python module for generating and verifying JSON Web Tokens
License
NotificationsYou must be signed in to change notification settings
davedoesdev/python-jwt
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Module for generating and verifyingJSON Web Tokens.
All versions of python-jwt are now DEPRECATED. I don't have the time to maintain this module.
- Note: Versions 3.3.4 and later fix avulnerability (CVE-2022-39227) in JSON Web Token verification which lets an attacker with a valid token re-use its signature with modified claims. CVE to follow. Please upgrade!
- Note: From version 2.0.1 the namespace has changed from
jwttopython_jwt, in order to avoid conflict withPyJWT. - Note: Versions 1.0.0 and later fix avulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application.verify_jwt now requires you to specify which signature algorithms are allowed.
- Usesjwcrypto to do the heavy lifting.
- SupportsRS256,RS384,RS512,PS256,PS384,PS512,HS256,HS384,HS512,ES256,ES384,ES512,ES256K,EdDSA andnone signature algorithms.
- Unit tests, including tests for interoperability withjose.
- Supports Python 3.6+.Note:generate_jwt returns the token as a Unicode string.
Example:
importpython_jwtasjwt,jwcrypto.jwkasjwk,datetimekey=jwk.JWK.generate(kty='RSA',size=2048)payload= {'foo':'bar','wup':90 };token=jwt.generate_jwt(payload,key,'PS256',datetime.timedelta(minutes=5))header,claims=jwt.verify_jwt(token,key, ['PS256'])forkinpayload:assertclaims[k]==payload[k]
The API is describedhere.
pip install python_jwt
You can read and write keys from and toPEM-format strings:
importpython_jwtasjwt,jwcrypto.jwkasjwk,datetimekey=jwk.JWK.generate(kty='RSA',size=2048)priv_pem=key.export_to_pem(private_key=True,password=None)pub_pem=key.export_to_pem()payload= {'foo':'bar','wup':90 };priv_key=jwk.JWK.from_pem(priv_pem)pub_key=jwk.JWK.from_pem(pub_pem)token=jwt.generate_jwt(payload,priv_key,'RS256',datetime.timedelta(minutes=5))header,claims=jwt.verify_jwt(token,pub_key, ['RS256'])forkinpayload:assertclaims[k]==payload[k]
maketestmake lint
make coverage
coverage.py results are availablehere.
Coveralls page ishere.
make bench
Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.
| Generate Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 103,100,000 | 200,000 | 103,341,537 |
| Generate Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 220,000 | 0 | 226,478 |
| HS384 | 220,000 | 0 | 218,233 |
| HS512 | 230,000 | 0 | 225,823 |
| PS256 | 1,530,000 | 10,000 | 1,536,235 |
| PS384 | 1,550,000 | 0 | 1,549,844 |
| PS512 | 1,520,000 | 10,000 | 1,524,844 |
| RS256 | 1,520,000 | 10,000 | 1,524,565 |
| RS384 | 1,530,000 | 0 | 1,528,074 |
| RS512 | 1,510,000 | 0 | 1,526,089 |
| Load Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 210,000 | 3,000 | 210,791 |
| Verify Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 100,000 | 0 | 101,478 |
| HS384 | 100,000 | 10,000 | 103,014 |
| HS512 | 110,000 | 0 | 104,323 |
| PS256 | 230,000 | 0 | 231,058 |
| PS384 | 240,000 | 0 | 237,551 |
| PS512 | 240,000 | 0 | 232,450 |
| RS256 | 230,000 | 0 | 227,737 |
| RS384 | 230,000 | 0 | 230,698 |
| RS512 | 230,000 | 0 | 228,624 |
About
Python module for generating and verifying JSON Web Tokens
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Packages0
No packages published
Uh oh!
There was an error while loading.Please reload this page.
Contributors5
Uh oh!
There was an error while loading.Please reload this page.