# JWT Pro - JWT Generation & Verification with AES Encryption
Welcome to `JWT Pro`, your go-to Python package for creating and verifying JSON Web Tokens (JWTs). With support for AES encryption and HMAC signatures, it ensures your user authentication and data transmission are as secure as possible. The package is highly customizable, letting you tweak encryption settings, headers, payloads and validation to fit your needs perfectly.
---
## Features
- **JWT Generation**: Create JSON Web Tokens with optional AES encryption.
- **HMAC Signatures**: Secure token signatures using HMAC with customizable algorithms.
- **Expiration Handling**: Automatic expiration handling with timestamp-based validation.
- **Customizable Headers & Payload**: Flexible header and payload creation.
- **Encryption Option**: AES encryption for protecting sensitive data in the payload.
- **Token Verification**: Validate tokens and verify signatures with proper error handling.
---
## Benefits
- **Security**: Ensures secure data transmission with AES encryption.
- **Ease of Use**: Simple API for token generation and verification.
- **Customization**: Flexible header and payload structures allow custom implementations.
- **Scalability**: Suitable for scalable applications with token-based authentication.
- **Reliability**: Automatic expiration checks and error handling for invalid tokens.
---
## Installation
This package is available through the [PyPI registry](__https://pypi.org/project/random-password-toolkit/__).
Before installing, ensure you have Python 3.6 or higher installed. You can download and install Python from [python.org](__https://www.python.org/downloads/__).
You can install the package using `pip`:
```bash
pip install jwt-pro
```
---
## Methods
| Method | Description |
|---------------------------|---------------------------------------------------------------------------|
| `generate_token()` | Generates a JWT with a custom header, payload, and optional encryption. |
| `verify_token()` | Verifies a JWT token and checks its validity, expiration, and integrity. |
---
## Encrypt Option (encrypt=True vs encrypt=False)
The `encrypt` parameter in the `generate_token()` and `verify_token()` methods controls whether the payload is encrypted using AES. Here’s how it behaves:
| encrypt Parameter | Behavior | Use Case |
|-------------------|------------------------------------------------------------------|--------------------------------------------------------------|
| `encrypt=True` | - The payload is encrypted using AES with CBC mode. | Use when sensitive data in the payload needs to be protected.|
| | - The token payload is stored in encrypted form and cannot be read directly. | Ideal for protecting data like passwords, user data, etc. |
| `encrypt=False` | - The payload is stored in plain text (unencrypted). | Use when the data in the payload does not require encryption.|
| | - The payload can be directly read and is visible in the token. | Suitable for non-sensitive, public data (e.g., user ID, session info). |
---
# Usage
## Importing the Package
```python
from jwt_pro import generate_token, verify_token
```
---
## Generate a JWT (Without Encryption)
```python
from jwt_pro import generate_token
# Define Header and Payload
header = {
"alg": "HS256", # HMAC-SHA256 algorithm
"typ": "JWT"
}
payload = {
"user_id": "12345",
"name": "John Doe"
}
secret = "your-secret-key"
expiry = 3600 (default 3600)
# Generate JWT (without encryption)
token = generate_token(header, payload, secret, expiry, encrypt=False)
print(f"Generated Token: {token}")
```
---
## Verify a JWT (Without Encryption)
```python
from jwt_pro import verify_token
# Secret key used for signing
secret = "your-secret-key"
# Token to verify (use token from previous example)
token = "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..."
try:
verified_payload = verify_token(token, secret, encrypt=False)
print(f"Verified Payload: {verified_payload}")
except ValueError as e:
print(f"Verification Error: {e}")
```
---
## Generate JWT with AES Encryption
```python
from jwt_pro import generate_token
# Define Header and Payload
header = {
"alg": "HS256", # HMAC-SHA256 algorithm
"typ": "JWT"
}
payload = {
"user_id": "12345",
"name": "John Doe"
}
secret = "your-secret-key"
# Generate JWT with AES encryption
token_encrypted = generate_token(header, payload, secret, expires_in=3600, encrypt=True)
print(f"Generated Encrypted Token: {token_encrypted}")
```
---
## Verify Encrypted JWT
```python
from jwt_pro import verify_token
# Secret key used for signing
secret = "your-secret-key"
# Encrypted token to verify (use token from previous example)
token_encrypted = "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9..."
try:
verified_payload_encrypted = verify_token(token_encrypted, secret, encrypt=True)
print(f"Verified Encrypted Payload: {verified_payload_encrypted}")
except ValueError as e:
print(f"Verification Error: {e}")
```
---
## Token Expiration
The default expiration time for the token is **1 hour** (3600 seconds). If not explicitly specified during token generation, the token will automatically expire 1 hour from the time it was created.
You can change the expiration time by passing the `expiry` claim during the token generation process.
```python
from jwt_pro import generate_token
token = generate_token(payload, secret, expiry=7200) # Token will expire in 2 hours
```
---
# Common Errors
| Error Type | Description |
|--------------------------------------|-----------------------------------------------------------------------------|
| **ValueError: Token has expired.** | Raised when the token has expired based on the `exp` field. |
| **ValueError: Invalid token format.**| Raised when the token format does not match the expected header.payload.signature format. |
| **ValueError: Invalid token header.**| Raised when the header is malformed or missing required fields. |
| **ValueError: Invalid token payload.**| Raised when the payload cannot be decrypted or parsed. |
| **ValueError: Unsupported algorithm.**| Raised if the algorithm specified in the token header is unsupported. |
---
# Use Cases
- **User Authentication**: Securely authenticate users in web applications by generating and verifying tokens.
- **Data Protection**: Encrypt sensitive data in the token payload and ensure its integrity during transmission.
- **Session Management**: Manage user sessions using JWTs with automatic expiration handling.
- **API Authentication**: Secure communication between microservices using JWTs for API authentication.
---
## Discussions
- **GitHub Discussions**: Share use cases, report bugs, and suggest features.
We'd love to hear from you and see how you're using **JWT PRO** in your projects!
---
## Requesting Features
If you have an idea for a new feature, please open a feature request in the Issues section with:
- A clear description of the feature
- Why it would be useful
---
## Issues and Feedback
For issues, feedback, and feature requests, please open an issue on our [GitHub Issues page](http://github.com/krishnatadi/jwt-pro-python/issues). We actively monitor and respond to community feedback.
---
## FAQ (Frequently Asked Questions)
For detailed answers to common questions, [click here to visit our FAQ section](https://github.com/krishnatadi/jwt-pro-python#faq-frequently-asked-questions).
--
## License
This project is licensed under the MIT License. See the [LICENSE](https://github.com/Krishnatadi/jwt-pro-python/blob/main/LICENSE) file for details.
Raw data
{
"_id": null,
"home_page": "https://github.com/krishnatadi/jwt-pro-python",
"name": "jwt-pro",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": "\"JWT\", \"JWT PRO\", \"JWT-PRO\", \"authentication\", \"security\", \"token\", \"AES\", \"encryption\", \"HMAC\", \"JWT verification\", \"Python security\", \"cryptography\", \"secure tokens\", \"token verification\", \"token generation\"",
"author": "krishna Tadi",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/2e/1f/d699b2b97ef37185e4b0b613a8fc0669598b69021d33ea1e11a5cfc42e64/jwt_pro-1.0.1.tar.gz",
"platform": null,
"description": "\r\n\r\n\r\n\r\n\r\n\r\n# JWT Pro - JWT Generation & Verification with AES Encryption\r\n\r\nWelcome to `JWT Pro`, your go-to Python package for creating and verifying JSON Web Tokens (JWTs). With support for AES encryption and HMAC signatures, it ensures your user authentication and data transmission are as secure as possible. The package is highly customizable, letting you tweak encryption settings, headers, payloads and validation to fit your needs perfectly.\r\n\r\n---\r\n\r\n## Features\r\n\r\n- **JWT Generation**: Create JSON Web Tokens with optional AES encryption.\r\n- **HMAC Signatures**: Secure token signatures using HMAC with customizable algorithms.\r\n- **Expiration Handling**: Automatic expiration handling with timestamp-based validation.\r\n- **Customizable Headers & Payload**: Flexible header and payload creation.\r\n- **Encryption Option**: AES encryption for protecting sensitive data in the payload.\r\n- **Token Verification**: Validate tokens and verify signatures with proper error handling.\r\n\r\n---\r\n\r\n## Benefits\r\n\r\n- **Security**: Ensures secure data transmission with AES encryption.\r\n- **Ease of Use**: Simple API for token generation and verification.\r\n- **Customization**: Flexible header and payload structures allow custom implementations.\r\n- **Scalability**: Suitable for scalable applications with token-based authentication.\r\n- **Reliability**: Automatic expiration checks and error handling for invalid tokens.\r\n\r\n---\r\n\r\n## Installation\r\n\r\nThis package is available through the [PyPI registry](__https://pypi.org/project/random-password-toolkit/__).\r\n\r\nBefore installing, ensure you have Python 3.6 or higher installed. You can download and install Python from [python.org](__https://www.python.org/downloads/__).\r\n\r\nYou can install the package using `pip`:\r\n\r\n```bash\r\npip install jwt-pro\r\n\r\n```\r\n\r\n---\r\n\r\n## Methods\r\n| Method | Description |\r\n|---------------------------|---------------------------------------------------------------------------|\r\n| `generate_token()` | Generates a JWT with a custom header, payload, and optional encryption. |\r\n| `verify_token()` | Verifies a JWT token and checks its validity, expiration, and integrity. |\r\n\r\n\r\n---\r\n\r\n## Encrypt Option (encrypt=True vs encrypt=False)\r\n\r\nThe `encrypt` parameter in the `generate_token()` and `verify_token()` methods controls whether the payload is encrypted using AES. Here\u00e2\u20ac\u2122s how it behaves:\r\n\r\n| encrypt Parameter | Behavior | Use Case |\r\n|-------------------|------------------------------------------------------------------|--------------------------------------------------------------|\r\n| `encrypt=True` | - The payload is encrypted using AES with CBC mode. | Use when sensitive data in the payload needs to be protected.|\r\n| | - The token payload is stored in encrypted form and cannot be read directly. | Ideal for protecting data like passwords, user data, etc. |\r\n| `encrypt=False` | - The payload is stored in plain text (unencrypted). | Use when the data in the payload does not require encryption.|\r\n| | - The payload can be directly read and is visible in the token. | Suitable for non-sensitive, public data (e.g., user ID, session info). |\r\n\r\n---\r\n\r\n# Usage\r\n## Importing the Package\r\n\r\n```python\r\nfrom jwt_pro import generate_token, verify_token\r\n```\r\n\r\n---\r\n\r\n## Generate a JWT (Without Encryption)\r\n\r\n```python\r\nfrom jwt_pro import generate_token\r\n\r\n# Define Header and Payload\r\nheader = {\r\n \"alg\": \"HS256\", # HMAC-SHA256 algorithm\r\n \"typ\": \"JWT\"\r\n}\r\npayload = {\r\n \"user_id\": \"12345\",\r\n \"name\": \"John Doe\"\r\n}\r\nsecret = \"your-secret-key\"\r\nexpiry = 3600 (default 3600)\r\n\r\n# Generate JWT (without encryption)\r\ntoken = generate_token(header, payload, secret, expiry, encrypt=False)\r\n\r\nprint(f\"Generated Token: {token}\")\r\n```\r\n\r\n---\r\n\r\n## Verify a JWT (Without Encryption)\r\n```python\r\nfrom jwt_pro import verify_token\r\n\r\n# Secret key used for signing\r\nsecret = \"your-secret-key\"\r\n\r\n# Token to verify (use token from previous example)\r\ntoken = \"eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9...\"\r\n\r\ntry:\r\n verified_payload = verify_token(token, secret, encrypt=False)\r\n print(f\"Verified Payload: {verified_payload}\")\r\nexcept ValueError as e:\r\n print(f\"Verification Error: {e}\")\r\n```\r\n\r\n---\r\n\r\n## Generate JWT with AES Encryption\r\n```python\r\nfrom jwt_pro import generate_token\r\n\r\n# Define Header and Payload\r\nheader = {\r\n \"alg\": \"HS256\", # HMAC-SHA256 algorithm\r\n \"typ\": \"JWT\"\r\n}\r\npayload = {\r\n \"user_id\": \"12345\",\r\n \"name\": \"John Doe\"\r\n}\r\nsecret = \"your-secret-key\"\r\n\r\n# Generate JWT with AES encryption\r\ntoken_encrypted = generate_token(header, payload, secret, expires_in=3600, encrypt=True)\r\n\r\nprint(f\"Generated Encrypted Token: {token_encrypted}\")\r\n```\r\n\r\n---\r\n\r\n## Verify Encrypted JWT\r\n```python\r\nfrom jwt_pro import verify_token\r\n\r\n# Secret key used for signing\r\nsecret = \"your-secret-key\"\r\n\r\n# Encrypted token to verify (use token from previous example)\r\ntoken_encrypted = \"eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9...\"\r\n\r\ntry:\r\n verified_payload_encrypted = verify_token(token_encrypted, secret, encrypt=True)\r\n print(f\"Verified Encrypted Payload: {verified_payload_encrypted}\")\r\nexcept ValueError as e:\r\n print(f\"Verification Error: {e}\")\r\n```\r\n\r\n---\r\n## Token Expiration\r\nThe default expiration time for the token is **1 hour** (3600 seconds). If not explicitly specified during token generation, the token will automatically expire 1 hour from the time it was created.\r\n\r\nYou can change the expiration time by passing the `expiry` claim during the token generation process.\r\n\r\n```python\r\nfrom jwt_pro import generate_token\r\ntoken = generate_token(payload, secret, expiry=7200) # Token will expire in 2 hours\r\n\r\n```\r\n\r\n---\r\n\r\n# Common Errors\r\n\r\n| Error Type | Description |\r\n|--------------------------------------|-----------------------------------------------------------------------------|\r\n| **ValueError: Token has expired.** | Raised when the token has expired based on the `exp` field. |\r\n| **ValueError: Invalid token format.**| Raised when the token format does not match the expected header.payload.signature format. |\r\n| **ValueError: Invalid token header.**| Raised when the header is malformed or missing required fields. |\r\n| **ValueError: Invalid token payload.**| Raised when the payload cannot be decrypted or parsed. |\r\n| **ValueError: Unsupported algorithm.**| Raised if the algorithm specified in the token header is unsupported. |\r\n\r\n\r\n---\r\n\r\n# Use Cases\r\n\r\n- **User Authentication**: Securely authenticate users in web applications by generating and verifying tokens.\r\n- **Data Protection**: Encrypt sensitive data in the token payload and ensure its integrity during transmission.\r\n- **Session Management**: Manage user sessions using JWTs with automatic expiration handling.\r\n- **API Authentication**: Secure communication between microservices using JWTs for API authentication.\r\n\r\n---\r\n## Discussions\r\n- **GitHub Discussions**: Share use cases, report bugs, and suggest features.\r\n\r\nWe'd love to hear from you and see how you're using **JWT PRO** in your projects!\r\n\r\n---\r\n\r\n## Requesting Features\r\nIf you have an idea for a new feature, please open a feature request in the Issues section with:\r\n- A clear description of the feature\r\n- Why it would be useful\r\n\r\n---\r\n\r\n## Issues and Feedback\r\nFor issues, feedback, and feature requests, please open an issue on our [GitHub Issues page](http://github.com/krishnatadi/jwt-pro-python/issues). We actively monitor and respond to community feedback.\r\n\r\n---\r\n\r\n## FAQ (Frequently Asked Questions)\r\nFor detailed answers to common questions, [click here to visit our FAQ section](https://github.com/krishnatadi/jwt-pro-python#faq-frequently-asked-questions).\r\n\r\n--\r\n\r\n## License\r\n\r\nThis project is licensed under the MIT License. See the [LICENSE](https://github.com/Krishnatadi/jwt-pro-python/blob/main/LICENSE) file for details.\r\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "JWT Pro is a package for generating and verifying JSON Web Tokens (JWTs). It supports AES encryption and HMAC signatures, enabling secure user authentication and data transmission. The package is highly customizable, with options for adding encryption, defining headers and payloads, and validating tokens.",
"version": "1.0.1",
"project_urls": {
"Documentation": "https://github.com/krishnatadi/jwt-pro-python#readme",
"Homepage": "https://github.com/krishnatadi/jwt-pro-python",
"Issue Tracker": "https://github.com/krishnatadi/jwt-pro-python/issues",
"Source": "https://github.com/krishnatadi/jwt-pro-python"
},
"split_keywords": [
"\"jwt\"",
" \"jwt pro\"",
" \"jwt-pro\"",
" \"authentication\"",
" \"security\"",
" \"token\"",
" \"aes\"",
" \"encryption\"",
" \"hmac\"",
" \"jwt verification\"",
" \"python security\"",
" \"cryptography\"",
" \"secure tokens\"",
" \"token verification\"",
" \"token generation\""
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "eb9230955b6844cd2552cbdaf26dd003d035d17eb50548b04568086cbeb443de",
"md5": "4fa0171f2744f1bae90835f28d8486ee",
"sha256": "f52b5c545bbbe069020f9872eb4b52a78b2c7d169dd3965d780a1006ee396c82"
},
"downloads": -1,
"filename": "jwt_pro-1.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4fa0171f2744f1bae90835f28d8486ee",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 8683,
"upload_time": "2025-01-25T03:26:59",
"upload_time_iso_8601": "2025-01-25T03:26:59.074501Z",
"url": "https://files.pythonhosted.org/packages/eb/92/30955b6844cd2552cbdaf26dd003d035d17eb50548b04568086cbeb443de/jwt_pro-1.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2e1fd699b2b97ef37185e4b0b613a8fc0669598b69021d33ea1e11a5cfc42e64",
"md5": "30899ea3a4c5c20bb2fe88b2a78b2037",
"sha256": "4a8c3dc6ae974040f271eed11f0da9cc4d7d74d9e9099e7a0ce77c606ce44fa7"
},
"downloads": -1,
"filename": "jwt_pro-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "30899ea3a4c5c20bb2fe88b2a78b2037",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 10342,
"upload_time": "2025-01-25T03:27:00",
"upload_time_iso_8601": "2025-01-25T03:27:00.836101Z",
"url": "https://files.pythonhosted.org/packages/2e/1f/d699b2b97ef37185e4b0b613a8fc0669598b69021d33ea1e11a5cfc42e64/jwt_pro-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-25 03:27:00",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "krishnatadi",
"github_project": "jwt-pro-python",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "jwt-pro"
}
JSON
