python_jwt 1.0.0
Module for generating and verifying JSON Web Tokens
Latest Version: 1.0.3
Module for generating and verifying JSON Web Tokens.
- Note: Versions 1.0.0 and later fix a vulnerability in JSON Web Token verification so please upgrade if you’re using this functionality. The API has changed so you will need to update your application. verify_jwt now requires you to specify which signature algorithms are allowed.
- Uses python-jws to do the heavy lifting.
- Supports **RS256**, **RS384**, **RS512**, **PS256**, **PS384**, **PS512**, **HS256**, **HS384**, **HS512** and **none** signature algorithms.
- Unit tests, including tests for interoperability with node-jsjws.
- Tentative support for Python 3.4. Although the examples below work, the unit tests are blocked on PyVows and gevent support for Python 3.4. Note: verify_jwt now returns the token as a Unicode string, even on Python 2.7.
Example:
import jwt, Crypto.PublicKey.RSA as RSA, datetime key = RSA.generate(2048) payload = { 'foo': 'bar', 'wup': 90 }; token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5)) header, claims = jwt.verify_jwt(token, key, ['PS256']) for k in payload: assert claims[k] == payload[k]
The API is described here.
Installation
pip install python_jwt
Another Example
You can read and write keys from and to PEM-format strings:
import jwt, Crypto.PublicKey.RSA as RSA, datetime key = RSA.generate(2048) priv_pem = key.exportKey() pub_pem = key.publickey().exportKey() payload = { 'foo': 'bar', 'wup': 90 }; priv_key = RSA.importKey(priv_pem) pub_key = RSA.importKey(pub_pem) token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5)) header, claims = jwt.verify_jwt(token, pub_key, ['RS256']) for k in payload: assert claims[k] == payload[k]
Licence
Tests
make test
Lint
make lint
Benchmarks
make bench
Here are some results on a laptop with an Intel Core i5-3210M 2.5Ghz CPU and 6Gb RAM running Ubuntu 13.04.
| Generate Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 152,700,000 | 300,000 | 152,906,095 |
| Generate Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 140,000 | 10,000 | 157,202 |
| HS384 | 160,000 | 10,000 | 156,403 |
| HS512 | 139,999 | 20,000 | 153,212 |
| PS256 | 3,159,999 | 49,999 | 3,218,649 |
| PS384 | 3,170,000 | 10,000 | 3,176,899 |
| PS512 | 3,120,000 | 9,999 | 3,141,219 |
| RS256 | 3,070,000 | 20,000 | 3,094,644 |
| RS384 | 3,090,000 | 0 | 3,092,471 |
| RS512 | 3,079,999 | 20,000 | 3,095,314 |
| Load Key | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| RSA | 811,000 | 0 | 810,139 |
| Verify Token | user (ns) | sys (ns) | real (ns) |
|---|---|---|---|
| HS256 | 140,000 | 0 | 129,947 |
| HS384 | 130,000 | 0 | 130,161 |
| HS512 | 119,999 | 0 | 128,850 |
| PS256 | 780,000 | 10,000 | 775,609 |
| PS384 | 759,999 | 0 | 752,933 |
| PS512 | 739,999 | 0 | 738,118 |
| RS256 | 700,000 | 0 | 719,365 |
| RS384 | 719,999 | 0 | 721,524 |
| RS512 | 730,000 | 0 | 719,706 |
| File | Type | Py Version | Uploaded on | Size | |
|---|---|---|---|---|---|
| python_jwt-1.0.0.tar.gz (md5) | Source | 2015-03-12 | 436KB | ||
- Downloads (All Versions):
- 106 downloads in the last day
- 852 downloads in the last week
- 2702 downloads in the last month
- Author: David Halls
- Home Page: https://github.com/davedoesdev/python-jwt
- License: MIT
- Package Index Owner: davedoesdev
- DOAP record: python_jwt-1.0.0.xml