python-jwt
Module for generating and verifying JSON Web Tokens.
- Note: From version 2.0.1 the namespace has changed from
jwt
topython_jwt
, in order to avoid conflict with PyJWT. - Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
- Uses jwcrypto to do the heavy lifting.
- Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
- Unit tests, including tests for interoperability with jose.
- Supports Python 2,7 and 3.6+. Note: generate_jwt returns the token as a Unicode string, even on Python 2.7.
Example:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]
Licence
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.
Generate Key | user (ns) | sys (ns) | real (ns) |
---|---|---|---|
RSA | 103,100,000 | 200,000 | 103,341,537 |
Generate Token | user (ns) | sys (ns) | real (ns) |
---|---|---|---|
HS256 | 220,000 | 0 | 226,478 |
HS384 | 220,000 | 0 | 218,233 |
HS512 | 230,000 | 0 | 225,823 |
PS256 | 1,530,000 | 10,000 | 1,536,235 |
PS384 | 1,550,000 | 0 | 1,549,844 |
PS512 | 1,520,000 | 10,000 | 1,524,844 |
RS256 | 1,520,000 | 10,000 | 1,524,565 |
RS384 | 1,530,000 | 0 | 1,528,074 |
RS512 | 1,510,000 | 0 | 1,526,089 |
Load Key | user (ns) | sys (ns) | real (ns) |
---|---|---|---|
RSA | 210,000 | 3,000 | 210,791 |
Verify Token | user (ns) | sys (ns) | real (ns) |
---|---|---|---|
HS256 | 100,000 | 0 | 101,478 |
HS384 | 100,000 | 10,000 | 103,014 |
HS512 | 110,000 | 0 | 104,323 |
PS256 | 230,000 | 0 | 231,058 |
PS384 | 240,000 | 0 | 237,551 |
PS512 | 240,000 | 0 | 232,450 |
RS256 | 230,000 | 0 | 227,737 |
RS384 | 230,000 | 0 | 230,698 |
RS512 | 230,000 | 0 | 228,624 |