python-jwt 
Module for generating and verifying JSON Web Tokens.
- Note: From version 2.0.1 the namespace has changed from
jwttopython_jwt, in order to avoid conflict with PyJWT. - Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
- Uses jwcrypto to do the heavy lifting.
- Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
- Unit tests, including tests for interoperability with jose.
- Supports Python 2,7 and 3.6+. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]
Licence
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.
| Generate Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 103,100,000 | 200,000 | 103,341,537 |
| Generate Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 220,000 | 0 | 226,478 |
| HS384 | 220,000 | 0 | 218,233 |
| HS512 | 230,000 | 0 | 225,823 |
| PS256 | 1,530,000 | 10,000 | 1,536,235 |
| PS384 | 1,550,000 | 0 | 1,549,844 |
| PS512 | 1,520,000 | 10,000 | 1,524,844 |
| RS256 | 1,520,000 | 10,000 | 1,524,565 |
| RS384 | 1,530,000 | 0 | 1,528,074 |
| RS512 | 1,510,000 | 0 | 1,526,089 |
| Load Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 210,000 | 3,000 | 210,791 |
| Verify Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 100,000 | 0 | 101,478 |
| HS384 | 100,000 | 10,000 | 103,014 |
| HS512 | 110,000 | 0 | 104,323 |
| PS256 | 230,000 | 0 | 231,058 |
| PS384 | 240,000 | 0 | 237,551 |
| PS512 | 240,000 | 0 | 232,450 |
| RS256 | 230,000 | 0 | 227,737 |
| RS384 | 230,000 | 0 | 230,698 |
| RS512 | 230,000 | 0 | 228,624 |
154 Jan 03, 2023
1 Aug 18, 2022
49 Dec 23, 2022
56 Dec 08, 2022
1 Jan 13, 2022
408 Jan 05, 2023
1k Dec 28, 2022
1 Jan 07, 2022
220 Jan 05, 2023
8 May 31, 2022
35 Dec 14, 2022
12 May 22, 2022
132 Dec 14, 2022
6 Oct 03, 2022
1 Feb 11, 2022
11 Dec 11, 2022
3.2k Dec 31, 2022
181 Jan 01, 2023
11 Nov 20, 2022
2.5k Jan 02, 2023