{"id":14974225,"url":"https://github.com/bmeu/flask-easyjwt","last_synced_at":"2026-02-18T05:33:45.224Z","repository":{"id":35138086,"uuid":"185464403","full_name":"BMeu/Flask-EasyJWT","owner":"BMeu","description":"Super simple JSON Web Tokens for Flask","archived":false,"fork":false,"pushed_at":"2022-12-08T07:43:01.000Z","size":53,"stargazers_count":0,"open_issues_count":7,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-12T11:48:35.764Z","etag":null,"topics":["flask","flask-extension","flask-extensions","jwt","jwt-token","jwt-tokens","python","python3"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BMeu.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-05-07T19:19:41.000Z","updated_at":"2021-01-01T20:24:29.000Z","dependencies_parsed_at":"2023-01-15T14:36:04.703Z","dependency_job_id":null,"html_url":"https://github.com/BMeu/Flask-EasyJWT","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/BMeu/Flask-EasyJWT","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BMeu%2FFlask-EasyJWT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BMeu%2FFlask-EasyJWT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BMeu%2FFlask-EasyJWT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BMeu%2FFlask-EasyJWT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BMeu","download_url":"https://codeload.github.com/BMeu/Flask-EasyJWT/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BMeu%2FFlask-EasyJWT/sbom","scorecard":{"id":19467,"data":{"date":"2025-08-11","repo":{"name":"github.com/BMeu/Flask-EasyJWT","commit":"50ea391500f9ed0c9c1bd0ef95a6644d658471e1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"31 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-421 / GHSA-h4m5-qpfp-3mpv","Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: PYSEC-2021-66 / GHSA-g3rq-g295-4j3m","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: PYSEC-2021-140 / GHSA-9w8r-397f-prfh","Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p","Warn: Project is vulnerable to: PYSEC-2021-141 / GHSA-pq64-v7f5-gqh8","Warn: Project is vulnerable to: PYSEC-2022-202 / GHSA-ffqj-6fqr-9h24","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2021-59 / GHSA-5phf-pp7p-vc2r","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2021-108 / GHSA-q2q7-5pp4-w6pg","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985","Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j","Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw","Warn: Project is vulnerable to: PYSEC-2023-57 / GHSA-px8h-6qxv-m22q","Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2","Warn: Project is vulnerable to: PYSEC-2023-58 / GHSA-xg9f-g7g7-2323","Warn: Project is vulnerable to: PYSEC-2022-203","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T16:28:21.877Z","repository_id":35138086,"created_at":"2025-08-14T16:28:21.877Z","updated_at":"2025-08-14T16:28:21.877Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279011184,"owners_count":26084900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flask","flask-extension","flask-extensions","jwt","jwt-token","jwt-tokens","python","python3"],"created_at":"2024-09-24T13:50:14.776Z","updated_at":"2025-10-12T11:48:38.133Z","avatar_url":"https://github.com/BMeu.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Flask-EasyJWT\n\n\n[![PyPI](https://img.shields.io/pypi/v/flask-easyjwt.svg)](https://pypi.org/project/flask-easyjwt/)\n[![PyPI - License](https://img.shields.io/pypi/l/flask-easyjwt.svg)](https://github.com/BMeu/Flask-EasyJWT/blob/master/LICENSE)\n[![Build Status](https://travis-ci.org/BMeu/Flask-EasyJWT.svg?branch=master)](https://travis-ci.org/BMeu/Flask-EasyJWT)\n[![codecov](https://codecov.io/gh/BMeu/Flask-EasyJWT/branch/master/graph/badge.svg)](https://codecov.io/gh/BMeu/Flask-EasyJWT)\n[![Documentation Status](https://readthedocs.org/projects/flask-easyjwt/badge/?version=latest)](https://flask-easyjwt.readthedocs.io/en/latest/?badge=latest)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flask-easyjwt.svg)\n\nFlask-EasyJWT provides a simple interface to creating and verifying\n[JSON Web Tokens (JWTs)](https://tools.ietf.org/html/rfc7519) in Python. It allows you to once define the claims of the\nJWT, and to then create and accept tokens with these claims without having to check if all the required data is given\nor if the token actually is the one you expect.\n\nFlask-EasyJWT is a simple wrapper around [EasyJWT](https://github.com/BMeu/EasyJWT) for easy usage in\n[Flask](http://flask.pocoo.org/) applications. It provides configuration options via Flask's application configuration\nfor common settings of all tokens created in a web application. For detailed information on how to use\n[EasyJWT](https://github.com/BMeu/EasyJWT), see [its documentation](https://easyjwt.readthedocs.org/en/latest/).\n\n```python\nfrom flask_easyjwt import FlaskEasyJWT\nfrom flask import Flask\n\n# Define the claims of your token.\nclass MySuperSimpleJWT(FlaskEasyJWT):\n\n    def __init__(self, key):\n        super().__init__(key)\n        \n        # Define a claim `name`.\n        self.name = None\n\n# Define the default configuration options for FlaskEasyJWT\n# in the configuration of your Flask app.\napp = Flask(__name__)\napp.config.from_mapping(\n    # The default key for encoding and decoding tokens.\n    EASYJWT_KEY='Super secret key',\n\n    # Tokens will be valid for 15 minutes after creation by default.\n    EASYJWT_TOKEN_VALIDITY=15 * 60\n)\n\n@app.route('/token/\u003cname\u003e')\ndef get_token(name):\n    \"\"\" This view returns a token with the given name as its value. \"\"\"\n    token_object = MySuperSimpleJWT()\n    token_object.name = name\n    return token_object.create()\n\n@app.route('/verify/\u003ctoken\u003e')\ndef verify_token(token):\n    \"\"\" This view verifies the given token and returns the contained name. \"\"\"\n    verified_token_object = MySuperSimpleJWT.verify(token)\n    return verified_token_object.name\n```\n\n## Features\n\n * Integrates [EasyJWT](https://github.com/BMeu/EasyJWT) into Flask for easy configuration of default options for\n   creating and verifying JWTs.\n * Define the claims of your token once as a class, then use this class to easily create and verify multiple tokens.\n * No worries about typos in dictionary keys: the definition of your claim set as a class enables IDEs to find those\n   typos for you.\n * Multiple tokens may have the same claims, but different intentions. Flask-EasyJWT will take care of this for you: you\n   can define a token for account validation and one for account deletion, both with the account ID as a claim, and you\n   don't need to worry about accidentally deleting a newly created account instead of validating it, just because\n   someone mixed up the tokens.\n * All registered JWT claims are supported: `aud`, `exp`, `iat`, `iss`, `jti`, `nbf`, and `sub`.\n\nFor a full list of features, see [the features of EasyJWT](https://easyjwt.readthedocs.org/en/latest/#features).\n\n## System Requirements \u0026 Installation\n\nFlask-EasyJWT requires Python 3.6 or newer.\n\nFlask-EasyJWT is available [on PyPI](https://pypi.org/project/flask-easyjwt/). You can install it using your favorite\npackage manager.\n\n * PIP:\n\n    ```bash\n    python -m pip install flask_easyjwt\n    ```\n\n * Pipenv:\n\n    ```bash\n    pipenv install flask_easyjwt\n    ```\n\n## Usage\n\nFlask-EasyJWT is used exactly as [EasyJWT](https://github.com/BMeu/EasyJWT). Therefore, this section only describes the\nspecific features of Flask-EasyJWT and the basic usage. For detailed explanations on how to use EasyJWT (for example,\noptional claims, registered claims such as `aud`, `iat`, and `sub`, or verifying third-party tokens), see\n[its documentation](https://easyjwt.readthedocs.org/en/latest/#usage).\n\n### Application Setup\n\nYou do not need to initialize Flask-EasyJWT with your Flask application. All you have to do (although even this is,\nstrictly speaking, not required), is to specify some default settings for all of your tokens in the configuration of\nyour Flask application. These settings are:\n\n\n| Configuration Key        | Description |\n|--------------------------|-------------|\n| `EASYJWT_KEY`            | The key that will be used for encoding and decoding all tokens. If `EASYJWT_KEY` is not specified, Flask-EasyJWT will fall back to Flask's `SECRET_KEY` configuration value. |\n| `EASYJWT_TOKEN_VALIDITY` | The validity of each token after its creation. This value can be given as a string (that is parsable to an integer), an integer, or a `timedelta` object. The former two are interpreted in seconds. |\n\nYou can specify these configuration values as any other configuration values in your Flask application, for example,\nusing a mapping in your code:\n\n```python\nfrom datetime import timedelta\nfrom flask import Flask\n\napp = Flask(__name__)\napp.config.update(\n    EASYJWT_KEY='Super secret key',\n    EASYJWT_TOKEN_VALIDITY=timedelta(minutes=7)\n)\n```\n\nIn this example, all tokens will (by default) be encoded using the (not so secure) string `Super secret key` and will\nbe valid for seven minutes after they have been created (i.e., after the `create()` method has been called on the token\nobject).\n\nOf course, any other way of specifying the configuration values will work as well (see\n[Flask's documentation](https://flask.palletsprojects.com/en/1.1.x/config/)).\n\n### Token Specification \u0026 Usage\n\nTokens are specified and used exactly as with [EasyJWT](https://easyjwt.readthedocs.org/en/latest/#usage):\n\n```python\nfrom flask_easyjwt import FlaskEasyJWT\n\n# Define the claims of your token.\nclass MySuperSimpleJWT(FlaskEasyJWT):\n\n    def __init__(self, key):\n        super().__init__(key)\n        \n        # Define a claim `name`.\n        self.name = None\n\n# Assuming we are within a Flask app context. \n\n# Create a token with some values.\ntoken_object = MySuperSimpleJWT()\ntoken_object.name = 'Zaphod Beeblebrox'\ntoken = token_object.create()\n\n# Verify the created token.\nverified_token_object = MySuperSimpleJWT.verify(token)\nassert verified_token_object.name == 'Zaphod Beeblebrox'\n```\n\nThe only difference is that you do not have to pass the key for encoding or decoding the token to the constructor and\n`verify()` method, respectively (you still can do so if you do not want to use the default key defined in your\napplication's configuration).\n\nAdditionally, if the configuration value `EASYJWT_TOKEN_VALIDITY` is set, the token will\nbe valid for the amount specified in this configuration value after it has been created with `create()`. If this\nconfiguration value is not set tokens will not expire. If you explicitly set the expiration date on a token object\nthis value will always take precedence (if it is not `None`):\n\n```python\nimport datetime\n\nfrom flask_easyjwt import FlaskEasyJWT\nfrom flask import Flask\n\n# Define the claims of your token.\nclass MySuperSimpleJWT(FlaskEasyJWT):\n\n    def __init__(self, key):\n        super().__init__(key)\n        \n        # Define a claim `name`.\n        self.name = None\n\n# Define the default configuration options for FlaskEasyJWT\n# in the configuration of your Flask app.\napp = Flask(__name__)\napp.config.from_mapping(\n    EASYJWT_KEY='Super secret key',\n    EASYJWT_TOKEN_VALIDITY=datetime.timedelta(minutes=7)\n)\n\n# Assuming we are within a Flask app context.\n\ntoken_object = MySuperSimpleJWT()\ntoken_object.name = 'Zaphod Beeblebrox'\n\n# This token will expire in 15 minutes, even though the default token validity is set to 7 minutes.\ntoken_object.expiration_date = datetime.datetime.utcnow() + datetime.timedelta(minutes=15)\n```\n\nInitializing token objects and creating and verifying tokens must be executed within a\n[Flask application context](https://flask.palletsprojects.com/en/1.1.x/appcontext/) if you want to use the configuration\nvalues from the application's configuration.\n\n## Acknowledgements\n\nFlask-EasyJWT is just an easy-to-use abstraction layer around José Padilla's\n[PyJWT library](https://pypi.org/project/PyJWT/) that does the actual work of creating and verifying the tokens\naccording to the JWT specification. Without his work, Flask-EasyJWT would not be possible.\n\n## License\n\nFlask-EasyJWT is developed by [Bastian Meyer](https://www.bastianmeyer.eu)\n\u003c[bastian@bastianmeyer.eu](mailto:bastian@bastianmeyer.eu)\u003e and is licensed under the\n[MIT License]((http://www.opensource.org/licenses/MIT)). For details, see the attached [LICENSE](LICENSE) file. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbmeu%2Fflask-easyjwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbmeu%2Fflask-easyjwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbmeu%2Fflask-easyjwt/lists"}