{"id":13397006,"url":"https://github.com/davedoesdev/python-jwt","last_synced_at":"2025-03-13T23:31:58.917Z","repository":{"id":10911617,"uuid":"13209504","full_name":"davedoesdev/python-jwt","owner":"davedoesdev","description":"Python module for generating and verifying JSON Web Tokens","archived":true,"fork":false,"pushed_at":"2023-11-13T07:55:37.000Z","size":4361,"stargazers_count":220,"open_issues_count":0,"forks_count":29,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-01-21T09:07:06.021Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davedoesdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2013-09-30T08:03:49.000Z","updated_at":"2024-10-07T09:52:47.000Z","dependencies_parsed_at":"2024-01-29T18:51:40.612Z","dependency_job_id":null,"html_url":"https://github.com/davedoesdev/python-jwt","commit_stats":{"total_commits":164,"total_committers":5,"mean_commits":32.8,"dds":0.04878048780487809,"last_synced_commit":"79d6aaeca37abcf18fc6e5778894680ce9fc4fe4"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davedoesdev%2Fpython-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davedoesdev%2Fpython-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davedoesdev%2Fpython-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davedoesdev%2Fpython-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davedoesdev","download_url":"https://codeload.github.com/davedoesdev/python-jwt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243500226,"owners_count":20300760,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T18:01:09.177Z","updated_at":"2025-03-13T23:31:58.471Z","avatar_url":"https://github.com/davedoesdev.png","language":"Python","readme":"# python-jwt\u0026nbsp;\u0026nbsp;\u0026nbsp;[![Build Status](https://github.com/davedoesdev/python-jwt/actions/workflows/ci.yml/badge.svg)](https://github.com/davedoesdev/python-jwt/actions/workflows/ci.yml) [![Coverage Status](https://coveralls.io/repos/github/davedoesdev/python-jwt/badge.svg?branch=master)](https://coveralls.io/github/davedoesdev/python-jwt?branch=master) [![PyPI version](https://badge.fury.io/py/python-jwt.svg)](https://badge.fury.io/py/python-jwt)\n\nModule for generating and verifying [JSON Web Tokens](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html).\n\n***All versions of python-jwt are now DEPRECATED. I don't have the time to maintain this module.***\n\n- **Note:** Versions 3.3.4 and later fix a [vulnerability](https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp) (CVE-2022-39227) in JSON Web Token verification which lets an attacker with a valid token re-use its signature with modified claims. CVE to follow. Please upgrade!\n- **Note:** From version 2.0.1 the namespace has changed from `jwt` to `python_jwt`, in order to avoid conflict with [PyJWT](https://github.com/jpadilla/pyjwt).\n- **Note:** Versions 1.0.0 and later fix a [vulnerability](https://www.timmclean.net/2015/02/25/jwt-alg-none.html) in JSON Web Token verification so please upgrade if you're using this functionality. The API has changed so you will need to update your application. [verify_jwt](http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html#python_jwt.verify_jwt) now requires you to specify which signature algorithms are allowed.\n- Uses [jwcrypto](https://jwcrypto.readthedocs.io) to do the heavy lifting.\n- Supports [__RS256__, __RS384__, __RS512__](https://tools.ietf.org/html/rfc7518#section-3.3), [__PS256__, __PS384__, __PS512__](https://tools.ietf.org/html/rfc7518#section-3.5), [__HS256__, __HS384__, __HS512__](https://tools.ietf.org/html/rfc7518#section-3.2), [__ES256__, __ES384__, __ES512__](https://tools.ietf.org/html/rfc7518#section-3.4), [__ES256K__](https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-05#section-3.2), [__EdDSA__](https://tools.ietf.org/html/rfc8037#section-3.1) and [__none__](http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-3.6) signature algorithms.\n- Unit tests, including tests for interoperability with [jose](https://github.com/panva/jose).\n- Supports Python 3.6+. **Note:** [generate_jwt](http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html#python_jwt.generate_jwt) returns the token as a Unicode string.\n\nExample:\n\n```python\nimport python_jwt as jwt, jwcrypto.jwk as jwk, datetime\nkey = jwk.JWK.generate(kty='RSA', size=2048)\npayload = { 'foo': 'bar', 'wup': 90 };\ntoken = jwt.generate_jwt(payload, key, 'PS256', datetime.timedelta(minutes=5))\nheader, claims = jwt.verify_jwt(token, key, ['PS256'])\nfor k in payload: assert claims[k] == payload[k]\n```\n\nThe API is described [here](http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/docs/_build/html/index.html).\n\n\n## Installation\n\n```shell\npip install python_jwt\n```\n\n## Another Example\n\nYou can read and write keys from and to [PEM-format](http://www.openssl.org/docs/crypto/pem.html) strings:\n\n```python\nimport python_jwt as jwt, jwcrypto.jwk as jwk, datetime\nkey = jwk.JWK.generate(kty='RSA', size=2048)\npriv_pem = key.export_to_pem(private_key=True, password=None)\npub_pem = key.export_to_pem()\npayload = { 'foo': 'bar', 'wup': 90 };\npriv_key = jwk.JWK.from_pem(priv_pem)\npub_key = jwk.JWK.from_pem(pub_pem)\ntoken = jwt.generate_jwt(payload, priv_key, 'RS256', datetime.timedelta(minutes=5))\nheader, claims = jwt.verify_jwt(token, pub_key, ['RS256'])\nfor k in payload: assert claims[k] == payload[k]\n```\n\n## Licence\n\n[MIT](https://raw.github.com/davedoesdev/python-jwt/master/LICENCE)\n\n## Tests\n\n```shell\nmake test\n```\n\n## Lint\n\n```shell\nmake lint\n```\n\n## Code Coverage\n\n```shell\nmake coverage\n```\n\n[coverage.py](http://nedbatchelder.com/code/coverage/) results are available [here](http://rawgit.davedoesdev.com/davedoesdev/python-jwt/master/coverage/html/index.html).\n\nCoveralls page is [here](https://coveralls.io/r/davedoesdev/python-jwt).\n\n## Benchmarks\n\n```shell\nmake bench\n```\n\nHere are some results on a laptop with an Intel Core i5-4300M 2.6Ghz CPU and 8Gb RAM running Ubuntu 17.04.\n\nGenerate Key|user (ns)|sys (ns)|real (ns)\n:--|--:|--:|--:\nRSA|103,100,000|200,000|103,341,537\n\nGenerate Token|user (ns)|sys (ns)|real (ns)\n:--|--:|--:|--:\nHS256|220,000|0|226,478\nHS384|220,000|0|218,233\nHS512|230,000|0|225,823\nPS256|1,530,000|10,000|1,536,235\nPS384|1,550,000|0|1,549,844\nPS512|1,520,000|10,000|1,524,844\nRS256|1,520,000|10,000|1,524,565\nRS384|1,530,000|0|1,528,074\nRS512|1,510,000|0|1,526,089\n\nLoad Key|user (ns)|sys (ns)|real (ns)\n:--|--:|--:|--:\nRSA|210,000|3,000|210,791\n\nVerify Token|user (ns)|sys (ns)|real (ns)\n:--|--:|--:|--:\nHS256|100,000|0|101,478\nHS384|100,000|10,000|103,014\nHS512|110,000|0|104,323\nPS256|230,000|0|231,058\nPS384|240,000|0|237,551\nPS512|240,000|0|232,450\nRS256|230,000|0|227,737\nRS384|230,000|0|230,698\nRS512|230,000|0|228,624\n","funding_links":[],"categories":["Authentication","资源列表","Python","Authorization \u0026 Authentication","验证","Authentication [🔝](#readme)","Awesome Python"],"sub_categories":["验证","Authentication"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavedoesdev%2Fpython-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavedoesdev%2Fpython-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavedoesdev%2Fpython-jwt/lists"}