• This repository has been archived on 13/Nov/2023
  • Stars
    star
    219
  • Rank 181,133 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created about 11 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Python module for generating and verifying JSON Web Tokens

python-jwt   Build Status Coverage Status PyPI version

Module for generating and verifying JSON Web Tokens.

All versions of python-jwt are now DEPRECATED. I don't have the time to maintain this module.

  • Note: Versions 3.3.4 and later fix a vulnerability (CVE-2022-39227) in JSON Web Token verification which lets an attacker with a valid token re-use its signature with modified claims. CVE to follow. Please upgrade!
  • Note: From version 2.0.1 the namespace has changed from jwt to python_jwt, in order to avoid conflict with PyJWT.
  • Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
  • Uses jwcrypto to do the heavy lifting.
  • Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
  • Unit tests, including tests for interoperability with jose.
  • Supports Python 3.6+. Note: generate_jwt returns the token as a Unicode string.

Example:

import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]

The API is described here.

Installation

pip install python_jwt

Another Example

You can read and write keys from and to PEM-format strings:

import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]

Licence

MIT

Tests

make test

Lint

make lint

Code Coverage

make coverage

coverage.py results are available here.

Coveralls page is here.

Benchmarks

make bench

Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.

Generate Key user (ns) sys (ns) real (ns)
RSA 103,100,000 200,000 103,341,537
Generate Token user (ns) sys (ns) real (ns)
HS256 220,000 0 226,478
HS384 220,000 0 218,233
HS512 230,000 0 225,823
PS256 1,530,000 10,000 1,536,235
PS384 1,550,000 0 1,549,844
PS512 1,520,000 10,000 1,524,844
RS256 1,520,000 10,000 1,524,565
RS384 1,530,000 0 1,528,074
RS512 1,510,000 0 1,526,089
Load Key user (ns) sys (ns) real (ns)
RSA 210,000 3,000 210,791
Verify Token user (ns) sys (ns) real (ns)
HS256 100,000 0 101,478
HS384 100,000 10,000 103,014
HS512 110,000 0 104,323
PS256 230,000 0 231,058
PS384 240,000 0 237,551
PS512 240,000 0 232,450
RS256 230,000 0 227,737
RS384 230,000 0 230,698
RS512 230,000 0 228,624

More Repositories

1

dxf

Docker registry v2 client in Python
Python
75
star
2

shared-memory-disruptor

Shared memory LMAX Disruptor for Node
HTML
59
star
3

webm-muxer.js

WebM muxer using libwebm and webm-tools compiled to Wasm
JavaScript
50
star
4

streamana

Stream from your Web browser to YouTube Live. No plugins or native apps required!
JavaScript
50
star
5

qlobber

Node.js globbing for amqp-like topics
HTML
48
star
6

frame-stream

Length-prefixed message framing for Node.js streams.
JavaScript
26
star
7

qlobber-fsq

Shared file system queue. Supports pub-sub, work queues, wildcards, multi-process and distributed use.
HTML
24
star
8

webauthn4js

Web Authentication for Node.js applications
JavaScript
22
star
9

fold

Run VMs on a Weave network
Shell
19
star
10

bpmux

Node stream multiplexing with back-pressure on each stream
HTML
18
star
11

node-jsjws

Node.js wrapper around jsrsasign (https://github.com/kjur/jsrsasign)
HTML
17
star
12

simple-crypt

Simple and easy-to-use encryption and signing module
JavaScript
16
star
13

authorize-jwt

Simple JSON Web Token authorization with WebAuthn support
JavaScript
13
star
14

browser-http2-duplex

Full-duplex stream emulation over HTTP/2
HTML
13
star
15

dtuf

Docker registry bindings for The Update Framework in Python
HTML
12
star
16

heddle

Linux distribution for Docker and KVM. Uses Aboriginal Linux.
C
8
star
17

node-lora-comms

Node.js module to read and write LoRa packets on a gateway. Packet forwarder process NOT required!
HTML
8
star
18

nfdhcpd

NFQUEUE-based DHCP and DNS server. Forked from https://code.grnet.gr/git/nfdhcpd
Python
7
star
19

mce

State-saving, continuation-passing metacircular evaluator for Scheme. Implementations in Scheme, C, C++, JS and WASM.
C++
6
star
20

cp-remote

Remote child_process runner with message support
HTML
5
star
21

txf

File transfer service. Pipes PUT to GET. HMAC access control.
HTML
3
star
22

fastest-writable

Node.js Writable stream which goes at the speed of its fastest peer and ends peers which can't keep up
JavaScript
3
star
23

lorano

Compact and opinionated LoRa communications library for Node.js
HTML
3
star
24

matroska-schema

ts-ebml compatible schema.js automatically generated from Matroska schema XML files
JavaScript
3
star
25

centro

Pub-sub and work queue server. Wildcards, streams, back-pressure, multi-transport. Just Node and a filesystem required.
HTML
2
star
26

primus-backpressure

Node streams2 over Primus: added back-pressure!
JavaScript
2
star
27

davedoesdev

My blog using ruhoh
HTML
2
star
28

mqlobber

Streaming message queue with pub-sub, work queues, wildcards and back-pressure. Just Node and a filesystem required.
JavaScript
2
star
29

build-couchdb-gha

Script for building CouchDB on Github Actions, with releases. Also works on Ubuntu 23.04.
Shell
2
star
30

grunt-apidox

Grunt plugin to generate node.js API markdown using apidox
HTML
2
star
31

getdents

Call getdents64 from Javscript
HTML
2
star
32

webauthn-perk

Claims-based Web Authentication
JavaScript
2
star
33

atributo

Allocate jobs across a variable number of instances
JavaScript
1
star
34

dobby

Heddle extension: Salt, Weave, Fold and nfdhcpd. WIP.
Shell
1
star
35

pub-keystore

Simple store for public keys, with issuer IDs and change notification
HTML
1
star
36

qlobber-pg

PostgreSQL-based pub-sub and workqueues for Node. Supports AMQP-like wildcard topics.
JavaScript
1
star