python_jwt


Namepython_jwt JSON
Version 3.1.0 PyPI version JSON
download
home_pagehttps://github.com/davedoesdev/python-jwt
SummaryModule for generating and verifying JSON Web Tokens
upload_time2018-04-25 05:59:38
maintainer
docs_urlNone
authorDavid Halls
requires_python
licenseMIT
keywords
VCS
bugtrack_url
requirements jwcrypto gevent None pylint coverage coveralls mock
Travis-CI
coveralls test coverage
            \ |Build Status| |Coverage Status| |PyPI version|

Module for generating and verifying `JSON Web
Tokens <http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html>`__.

-  **Note:** From version 2.0.1 the namespace has changed from ``jwt``
   to ``python_jwt``, in order to avoid conflict with
   `PyJWT <https://github.com/jpadilla/pyjwt>`__.
-  **Note:** Versions 1.0.0 and later fix `a
   vulnerability <https://www.timmclean.net/2015/02/25/jwt-alg-none.html>`__
   in JSON Web Token verification so please upgrade if you're using this
   functionality. The API has changed so you will need to update your
   application.
   `verify\_jwt <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html#python_jwt.verify_jwt>`__
   now requires you to specify which signature algorithms are allowed.
-  Uses `jwcrypto <https://jwcrypto.readthedocs.io>`__ to do the heavy
   lifting.
-  Supports `**RS256**, **RS384**,
   **RS512** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.3>`__,
   `**PS256**, **PS384**,
   **PS512** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.5>`__,
   `**HS256**, **HS384**,
   **HS512** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.2>`__
   and
   `**none** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.6>`__
   signature algorithms.
-  Unit tests, including tests for interoperability with
   `node-jsjws <https://github.com/davedoesdev/node-jsjws>`__.
-  Supports Python 3.6. **Note:**
   `generate\_jwt <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html#python_jwt.generate_jwt>`__
   returns the token as a Unicode string, even on Python 2.7.

Example:

.. code:: python

    import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
    key = jwk.JWK.generate(kty='RSA', size=2048)
    payload = { 'foo': 'bar', 'wup': 90 };
    token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))
    header, claims = jwt.verify_jwt(token, key, ['PS256'])
    for k in payload: assert claims[k] == payload[k]

The API is described
`here <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html>`__.

Installation
------------

.. code:: shell

    pip install python_jwt

Another Example
---------------

You can read and write keys from and to
`PEM-format <http://www.openssl.org/docs/crypto/pem.html>`__ strings:

.. code:: python

    import python_jwt as jwt, jwcrypto.jwk as jwk, datetime
    key = jwk.JWK.generate(kty='RSA', size=2048)
    priv_pem = key.export_to_pem(private_key=True, password=None)
    pub_pem = key.export_to_pem()
    payload = { 'foo': 'bar', 'wup': 90 };
    priv_key = jwk.JWK.from_pem(priv_pem)
    pub_key = jwk.JWK.from_pem(pub_pem)
    token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))
    header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])
    for k in payload: assert claims[k] == payload[k]

Licence
-------

`MIT <https://raw.github.com/davedoesdev/python-jwt/master/LICENCE>`__

Tests
-----

.. code:: shell

    make test

Lint
----

.. code:: shell

    make lint

Code Coverage
-------------

.. code:: shell

    make coverage

`coverage.py <http://nedbatchelder.com/code/coverage/>`__ results are
available
`here <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/coverage/html/index.html>`__.

Coveralls page is
`here <https://coveralls.io/r/davedoesdev/python-jwt>`__.

Benchmarks
----------

.. code:: shell

    make bench

Here are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU
and 8Gb RAM running Ubuntu 17.04.

+----------------+---------------+------------+---------------+
| Generate Key   | user (ns)     | sys (ns)   | real (ns)     |
+================+===============+============+===============+
| RSA            | 103,100,000   | 200,000    | 103,341,537   |
+----------------+---------------+------------+---------------+

+------------------+-------------+------------+-------------+
| Generate Token   | user (ns)   | sys (ns)   | real (ns)   |
+==================+=============+============+=============+
| HS256            | 220,000     | 0          | 226,478     |
+------------------+-------------+------------+-------------+
| HS384            | 220,000     | 0          | 218,233     |
+------------------+-------------+------------+-------------+
| HS512            | 230,000     | 0          | 225,823     |
+------------------+-------------+------------+-------------+
| PS256            | 1,530,000   | 10,000     | 1,536,235   |
+------------------+-------------+------------+-------------+
| PS384            | 1,550,000   | 0          | 1,549,844   |
+------------------+-------------+------------+-------------+
| PS512            | 1,520,000   | 10,000     | 1,524,844   |
+------------------+-------------+------------+-------------+
| RS256            | 1,520,000   | 10,000     | 1,524,565   |
+------------------+-------------+------------+-------------+
| RS384            | 1,530,000   | 0          | 1,528,074   |
+------------------+-------------+------------+-------------+
| RS512            | 1,510,000   | 0          | 1,526,089   |
+------------------+-------------+------------+-------------+

+------------+-------------+------------+-------------+
| Load Key   | user (ns)   | sys (ns)   | real (ns)   |
+============+=============+============+=============+
| RSA        | 210,000     | 3,000      | 210,791     |
+------------+-------------+------------+-------------+

+----------------+-------------+------------+-------------+
| Verify Token   | user (ns)   | sys (ns)   | real (ns)   |
+================+=============+============+=============+
| HS256          | 100,000     | 0          | 101,478     |
+----------------+-------------+------------+-------------+
| HS384          | 100,000     | 10,000     | 103,014     |
+----------------+-------------+------------+-------------+
| HS512          | 110,000     | 0          | 104,323     |
+----------------+-------------+------------+-------------+
| PS256          | 230,000     | 0          | 231,058     |
+----------------+-------------+------------+-------------+
| PS384          | 240,000     | 0          | 237,551     |
+----------------+-------------+------------+-------------+
| PS512          | 240,000     | 0          | 232,450     |
+----------------+-------------+------------+-------------+
| RS256          | 230,000     | 0          | 227,737     |
+----------------+-------------+------------+-------------+
| RS384          | 230,000     | 0          | 230,698     |
+----------------+-------------+------------+-------------+
| RS512          | 230,000     | 0          | 228,624     |
+----------------+-------------+------------+-------------+

.. |Build Status| image:: https://travis-ci.org/davedoesdev/python-jwt.png
   :target: https://travis-ci.org/davedoesdev/python-jwt
.. |Coverage Status| image:: https://coveralls.io/repos/davedoesdev/python-jwt/badge.png?branch=master
   :target: https://coveralls.io/r/davedoesdev/python-jwt?branch=master
.. |PyPI version| image:: https://badge.fury.io/py/python_jwt.png
   :target: http://badge.fury.io/py/python_jwt



            

Raw data

            {
    "maintainer": "", 
    "docs_url": null, 
    "requires_python": "", 
    "maintainer_email": "", 
    "keywords": "", 
    "upload_time": "2018-04-25 05:59:38", 
    "requirements": [
        {
            "name": "jwcrypto", 
            "specs": [
                [
                    ">=", 
                    "0.4.2"
                ]
            ]
        }, 
        {
            "name": "gevent", 
            "specs": [
                [
                    ">=", 
                    "1.2.2"
                ]
            ]
        }, 
        {
            "name": null, 
            "specs": []
        }, 
        {
            "name": "pylint", 
            "specs": [
                [
                    ">=", 
                    "1.4.4"
                ]
            ]
        }, 
        {
            "name": "coverage", 
            "specs": [
                [
                    ">=", 
                    "4.0.3"
                ]
            ]
        }, 
        {
            "name": "coveralls", 
            "specs": [
                [
                    ">=", 
                    "1.1"
                ]
            ]
        }, 
        {
            "name": "mock", 
            "specs": [
                [
                    ">=", 
                    "1.3.0"
                ]
            ]
        }
    ], 
    "author": "David Halls", 
    "home_page": "https://github.com/davedoesdev/python-jwt", 
    "github_user": "davedoesdev", 
    "download_url": "https://files.pythonhosted.org/packages/a4/2b/5e4c7247dc647b1ad1fbe2b393ef7ba4224ab2e5635af348bbf272410a76/python_jwt-3.1.0.tar.gz", 
    "platform": "", 
    "version": "3.1.0", 
    "description": "\\ |Build Status| |Coverage Status| |PyPI version|\n\nModule for generating and verifying `JSON Web\nTokens <http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html>`__.\n\n-  **Note:** From version 2.0.1 the namespace has changed from ``jwt``\n   to ``python_jwt``, in order to avoid conflict with\n   `PyJWT <https://github.com/jpadilla/pyjwt>`__.\n-  **Note:** Versions 1.0.0 and later fix `a\n   vulnerability <https://www.timmclean.net/2015/02/25/jwt-alg-none.html>`__\n   in JSON Web Token verification so please upgrade if you're using this\n   functionality. The API has changed so you will need to update your\n   application.\n   `verify\\_jwt <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html#python_jwt.verify_jwt>`__\n   now requires you to specify which signature algorithms are allowed.\n-  Uses `jwcrypto <https://jwcrypto.readthedocs.io>`__ to do the heavy\n   lifting.\n-  Supports `**RS256**, **RS384**,\n   **RS512** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.3>`__,\n   `**PS256**, **PS384**,\n   **PS512** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.5>`__,\n   `**HS256**, **HS384**,\n   **HS512** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.2>`__\n   and\n   `**none** <http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.6>`__\n   signature algorithms.\n-  Unit tests, including tests for interoperability with\n   `node-jsjws <https://github.com/davedoesdev/node-jsjws>`__.\n-  Supports Python 3.6. **Note:**\n   `generate\\_jwt <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html#python_jwt.generate_jwt>`__\n   returns the token as a Unicode string, even on Python 2.7.\n\nExample:\n\n.. code:: python\n\n    import python_jwt as jwt, jwcrypto.jwk as jwk, datetime\n    key = jwk.JWK.generate(kty='RSA', size=2048)\n    payload = { 'foo': 'bar', 'wup': 90 };\n    token = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))\n    header, claims = jwt.verify_jwt(token, key, ['PS256'])\n    for k in payload: assert claims[k] == payload[k]\n\nThe API is described\n`here <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html>`__.\n\nInstallation\n------------\n\n.. code:: shell\n\n    pip install python_jwt\n\nAnother Example\n---------------\n\nYou can read and write keys from and to\n`PEM-format <http://www.openssl.org/docs/crypto/pem.html>`__ strings:\n\n.. code:: python\n\n    import python_jwt as jwt, jwcrypto.jwk as jwk, datetime\n    key = jwk.JWK.generate(kty='RSA', size=2048)\n    priv_pem = key.export_to_pem(private_key=True, password=None)\n    pub_pem = key.export_to_pem()\n    payload = { 'foo': 'bar', 'wup': 90 };\n    priv_key = jwk.JWK.from_pem(priv_pem)\n    pub_key = jwk.JWK.from_pem(pub_pem)\n    token = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))\n    header, claims = jwt.verify_jwt(token, pub_key, ['RS256'])\n    for k in payload: assert claims[k] == payload[k]\n\nLicence\n-------\n\n`MIT <https://raw.github.com/davedoesdev/python-jwt/master/LICENCE>`__\n\nTests\n-----\n\n.. code:: shell\n\n    make test\n\nLint\n----\n\n.. code:: shell\n\n    make lint\n\nCode Coverage\n-------------\n\n.. code:: shell\n\n    make coverage\n\n`coverage.py <http://nedbatchelder.com/code/coverage/>`__ results are\navailable\n`here <http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/coverage/html/index.html>`__.\n\nCoveralls page is\n`here <https://coveralls.io/r/davedoesdev/python-jwt>`__.\n\nBenchmarks\n----------\n\n.. code:: shell\n\n    make bench\n\nHere are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU\nand 8Gb RAM running Ubuntu 17.04.\n\n+----------------+---------------+------------+---------------+\n| Generate Key   | user (ns)     | sys (ns)   | real (ns)     |\n+================+===============+============+===============+\n| RSA            | 103,100,000   | 200,000    | 103,341,537   |\n+----------------+---------------+------------+---------------+\n\n+------------------+-------------+------------+-------------+\n| Generate Token   | user (ns)   | sys (ns)   | real (ns)   |\n+==================+=============+============+=============+\n| HS256            | 220,000     | 0          | 226,478     |\n+------------------+-------------+------------+-------------+\n| HS384            | 220,000     | 0          | 218,233     |\n+------------------+-------------+------------+-------------+\n| HS512            | 230,000     | 0          | 225,823     |\n+------------------+-------------+------------+-------------+\n| PS256            | 1,530,000   | 10,000     | 1,536,235   |\n+------------------+-------------+------------+-------------+\n| PS384            | 1,550,000   | 0          | 1,549,844   |\n+------------------+-------------+------------+-------------+\n| PS512            | 1,520,000   | 10,000     | 1,524,844   |\n+------------------+-------------+------------+-------------+\n| RS256            | 1,520,000   | 10,000     | 1,524,565   |\n+------------------+-------------+------------+-------------+\n| RS384            | 1,530,000   | 0          | 1,528,074   |\n+------------------+-------------+------------+-------------+\n| RS512            | 1,510,000   | 0          | 1,526,089   |\n+------------------+-------------+------------+-------------+\n\n+------------+-------------+------------+-------------+\n| Load Key   | user (ns)   | sys (ns)   | real (ns)   |\n+============+=============+============+=============+\n| RSA        | 210,000     | 3,000      | 210,791     |\n+------------+-------------+------------+-------------+\n\n+----------------+-------------+------------+-------------+\n| Verify Token   | user (ns)   | sys (ns)   | real (ns)   |\n+================+=============+============+=============+\n| HS256          | 100,000     | 0          | 101,478     |\n+----------------+-------------+------------+-------------+\n| HS384          | 100,000     | 10,000     | 103,014     |\n+----------------+-------------+------------+-------------+\n| HS512          | 110,000     | 0          | 104,323     |\n+----------------+-------------+------------+-------------+\n| PS256          | 230,000     | 0          | 231,058     |\n+----------------+-------------+------------+-------------+\n| PS384          | 240,000     | 0          | 237,551     |\n+----------------+-------------+------------+-------------+\n| PS512          | 240,000     | 0          | 232,450     |\n+----------------+-------------+------------+-------------+\n| RS256          | 230,000     | 0          | 227,737     |\n+----------------+-------------+------------+-------------+\n| RS384          | 230,000     | 0          | 230,698     |\n+----------------+-------------+------------+-------------+\n| RS512          | 230,000     | 0          | 228,624     |\n+----------------+-------------+------------+-------------+\n\n.. |Build Status| image:: https://travis-ci.org/davedoesdev/python-jwt.png\n   :target: https://travis-ci.org/davedoesdev/python-jwt\n.. |Coverage Status| image:: https://coveralls.io/repos/davedoesdev/python-jwt/badge.png?branch=master\n   :target: https://coveralls.io/r/davedoesdev/python-jwt?branch=master\n.. |PyPI version| image:: https://badge.fury.io/py/python_jwt.png\n   :target: http://badge.fury.io/py/python_jwt\n\n\n", 
    "lcname": "python_jwt", 
    "name": "python_jwt", 
    "github": true, 
    "coveralls": true, 
    "bugtrack_url": "", 
    "license": "MIT", 
    "travis_ci": true, 
    "github_project": "python-jwt", 
    "summary": "Module for generating and verifying JSON Web Tokens", 
    "split_keywords": [], 
    "author_email": "dave@davedoesdev.com", 
    "urls": [
        {
            "has_sig": false, 
            "upload_time": "2018-04-25T05:59:36", 
            "comment_text": "", 
            "python_version": "py2.py3", 
            "url": "https://files.pythonhosted.org/packages/00/af/a09a11af6cb5514e84b6e41b0702648d1ca3807f402c97e779c14d3a939e/python_jwt-3.1.0-py2.py3-none-any.whl", 
            "md5_digest": "368bfeac5fed17ac8f7115e03759bbbe", 
            "downloads": -1, 
            "filename": "python_jwt-3.1.0-py2.py3-none-any.whl", 
            "packagetype": "bdist_wheel", 
            "digests": {
                "sha256": "2dea836107be86e62c58107bdc49630de50b288d87414919de2bca4f91e2b236", 
                "md5": "368bfeac5fed17ac8f7115e03759bbbe"
            }, 
            "size": 8660
        }, 
        {
            "has_sig": false, 
            "upload_time": "2018-04-25T05:59:38", 
            "comment_text": "", 
            "python_version": "source", 
            "url": "https://files.pythonhosted.org/packages/a4/2b/5e4c7247dc647b1ad1fbe2b393ef7ba4224ab2e5635af348bbf272410a76/python_jwt-3.1.0.tar.gz", 
            "md5_digest": "cea590354af19768fdf9c12cce79f5dd", 
            "downloads": -1, 
            "filename": "python_jwt-3.1.0.tar.gz", 
            "packagetype": "sdist", 
            "digests": {
                "sha256": "fb3617a7b076bfe82bd377a8c12caeeeed9ad51cb617858a1dc7948e713fc88b", 
                "md5": "cea590354af19768fdf9c12cce79f5dd"
            }, 
            "size": 230589
        }
    ], 
    "_id": null
}