Skip to main content

JSON Web Token implementation in Python

Project description

A Python implementation of [JSON Web Token draft 01](http://self-issued.info/docs/draft-jones-json-web-token-01.html).

This is Mozilla’s fork of [PyJWT](http://pypi.python.org/pypi/PyJWT) which adds RSA algorithms, fixes some timing attacks, and makes a few other adjustments. It is used in projects such as [webpay](https://github.com/mozilla/webpay).

Installing

Install the module with [pip](http://www.pip-installer.org/) or something similar:

pip install PyJWT-mozilla

This install step will also install/compile [M2Crypto](http://pypi.python.org/pypi/M2Crypto) so you will need swig for this. You can get it with a package manager like:

brew install swig

Alternatively you can probably find a binary package for M2Crypto with something like this:

sudo apt-get install python-m2crypto

Usage

import jwt jwt.encode({“some”: “payload”}, “secret”)

Note the resulting JWT will not be encrypted, but verifiable with a secret key.

jwt.decode(“someJWTstring”, “secret”)

If the secret is wrong, it will raise a jwt.DecodeError telling you as such. You can still get at the payload by setting the verify argument to false.

jwt.decode(“someJWTstring”, verify=False)

Algorithms

The JWT spec supports several algorithms for cryptographic signing. This library currently supports:

  • HS256 - HMAC using SHA-256 hash algorithm (default)

  • HS384 - HMAC using SHA-384 hash algorithm

  • HS512 - HMAC using SHA-512 hash algorithm

  • RS256 - RSA using SHA-256 hash algorithm

  • RS384 - RSA using SHA-384 hash algorithm

  • RS512 - RSA using SHA-584 hash algorithm

Change the algorithm with by setting it in encode:

jwt.encode({“some”: “payload”}, “secret”, “HS512”)

Tests

Install the project in a [virtualenv](http://pypi.python.org/pypi/virtualenv) (or wherever) by typing this from the root:

python setup.py develop

Run the tests like this:

python tests/test_jwt.py

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

PyJWT-mozilla-0.1.5.tar.gz (5.4 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page