python-jwt 
Module for generating and verifying JSON Web Tokens.
- Note: From version 2.0.1 the namespace has changed from
jwttopython_jwt, in order to avoid conflict with PyJWT. - Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
- Uses jwcrypto to do the heavy lifting.
- Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
- Unit tests, including tests for interoperability with jose.
- Supports Python 2,7 and 3.6+. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]
Licence
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.
| Generate Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 103,100,000 | 200,000 | 103,341,537 |
| Generate Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 220,000 | 0 | 226,478 |
| HS384 | 220,000 | 0 | 218,233 |
| HS512 | 230,000 | 0 | 225,823 |
| PS256 | 1,530,000 | 10,000 | 1,536,235 |
| PS384 | 1,550,000 | 0 | 1,549,844 |
| PS512 | 1,520,000 | 10,000 | 1,524,844 |
| RS256 | 1,520,000 | 10,000 | 1,524,565 |
| RS384 | 1,530,000 | 0 | 1,528,074 |
| RS512 | 1,510,000 | 0 | 1,526,089 |
| Load Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 210,000 | 3,000 | 210,791 |
| Verify Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 100,000 | 0 | 101,478 |
| HS384 | 100,000 | 10,000 | 103,014 |
| HS512 | 110,000 | 0 | 104,323 |
| PS256 | 230,000 | 0 | 231,058 |
| PS384 | 240,000 | 0 | 237,551 |
| PS512 | 240,000 | 0 | 232,450 |
| RS256 | 230,000 | 0 | 227,737 |
| RS384 | 230,000 | 0 | 230,698 |
| RS512 | 230,000 | 0 | 228,624 |
3.3k Jan 01, 2023
11 Dec 11, 2022
1k Dec 22, 2022
0 Sep 23, 2022
0 Jun 24, 2022
408 Jan 05, 2023
12 Dec 16, 2022
363 Dec 24, 2022
915 Dec 28, 2022
1 Jan 30, 2022
18 Jul 09, 2022
1.6k Dec 19, 2022
1.6k Dec 30, 2022
229 Jan 05, 2023
3.3k Jan 01, 2023
31 Dec 11, 2022
10 Dec 12, 2022
1.1k Jan 05, 2023
116 Nov 09, 2022
6 May 12, 2022