python-jwt 4.1.0
Last updated:
0 purchases
Description:
pythonjwt 4.1.0
python-jwt
Module for generating and verifying JSON Web Tokens.
All versions of python-jwt are now DEPRECATED. I don't have the time to maintain this module.
Note: Versions 3.3.4 and later fix a vulnerability (CVE-2022-39227) in JSON Web Token verification which lets an attacker with a valid token re-use its signature with modified claims. CVE to follow. Please upgrade!
Note: From version 2.0.1 the namespace has changed from jwt to python_jwt, in order to avoid conflict with PyJWT.
Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
Uses jwcrypto to do the heavy lifting.
Supports RS256, RS384, RS512, PS256, PS384, PS512, HS256, HS384, HS512, ES256, ES384, ES512, ES256K, EdDSA and none signature algorithms.
Unit tests, including tests for interoperability with jose.
Supports Python 3.6+. Note: generate_jwt returns the token as a Unicode string.
Example:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
payload = { 'foo': 'bar', 'wup': 90 };
token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, key, ['PS256'])
for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
key = jwk.JWK.generate(kty='RSA', size=2048)
priv_pem = key.export_to_pem(private_key=True, password=None)
pub_pem = key.export_to_pem()
payload = { 'foo': 'bar', 'wup': 90 };
priv_key = jwk.JWK.from_pem(priv_pem)
pub_key = jwk.JWK.from_pem(pub_pem)
token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
for k in payload: assert claims[k] == payload[k]
Licence
MIT
Tests
make test
Lint
make lint
Code Coverage
make coverage
coverage.py results are available here.
Coveralls page is here.
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.
Generate Key
user (ns)
sys (ns)
real (ns)
RSA
103,100,000
200,000
103,341,537
Generate Token
user (ns)
sys (ns)
real (ns)
HS256
220,000
0
226,478
HS384
220,000
0
218,233
HS512
230,000
0
225,823
PS256
1,530,000
10,000
1,536,235
PS384
1,550,000
0
1,549,844
PS512
1,520,000
10,000
1,524,844
RS256
1,520,000
10,000
1,524,565
RS384
1,530,000
0
1,528,074
RS512
1,510,000
0
1,526,089
Load Key
user (ns)
sys (ns)
real (ns)
RSA
210,000
3,000
210,791
Verify Token
user (ns)
sys (ns)
real (ns)
HS256
100,000
0
101,478
HS384
100,000
10,000
103,014
HS512
110,000
0
104,323
PS256
230,000
0
231,058
PS384
240,000
0
237,551
PS512
240,000
0
232,450
RS256
230,000
0
227,737
RS384
230,000
0
230,698
RS512
230,000
0
228,624
License:
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
Customer Reviews
There are no reviews.
