https://github.com/seznam/nats-jwt-py
Python library for creating JWTs for NATS ecosystem using nkeys
https://github.com/seznam/nats-jwt-py
jwt nats nkeys python python3
Last synced: 11 months ago
JSON representation
Python library for creating JWTs for NATS ecosystem using nkeys
- Host: GitHub
- URL: https://github.com/seznam/nats-jwt-py
- Owner: seznam
- License: apache-2.0
- Created: 2024-04-12T08:10:18.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-02-04T13:07:19.000Z (over 1 year ago)
- Last Synced: 2025-07-01T01:43:36.171Z (12 months ago)
- Topics: jwt, nats, nkeys, python, python3
- Language: Python
- Homepage:
- Size: 129 KB
- Stars: 5
- Watchers: 7
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
README
# NATS jwt lib for python
Python's library for generating JWT tokens for NATS server.
## ⚠️ Warning ⚠️
> This library is not well-tested and is in the development stage.
>
> The Author(s) is not a developer of the NATS, so may not understand zen of the NATS.
## Notes
| Scope | level | description |
|-----------------|:-----:|------------------------------------------------------------------------------------------------------------------------------------------|
| `Code` | ℹ️ | This library was inspired and based on [official NATS's go library](https://github.com/nats-io/jwt). |
| `Code` | ℹ️ | Author tried to save structure of code that `GoLang` version has, but it is not one-to-one due to languages specs. |
| `Code` | ℹ️ | In this library there is [snippets.py](nats_jwt/v2/snippets.py) that is targeting to make creation of accounts and users easier. |
| `Tests` | ⚠️ | Tests not covering all code. |
| `Documentation` | ℹ️ | NATS has powerful [documentation for JWT](https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt). Recommended for reading. |
## Code Example
_Code examples are using `snippets.py` which is not part of the go library._
### Create Operator from seed
```python
from nats_jwt.v2.snippets import Operator
from nats_jwt.v2.account_claims import Export
from nats_jwt.nkeys_ext import nkeys2
import nkeys
# create raw seed - 32 'random' bytes
raw_seed: bytes = nkeys2.create_seed()
# create a new seed for operator. This seed now would look in base64 like:
# SO...
op_seed: bytes = nkeys2.encode_seed(nkeys.PREFIX_BYTE_OPERATOR, raw_seed)
# Tip: Also operator, account and user seeds can be created via prepared functions
# Note 1: those functions are returning nkeys.KeyPair objects (ed25519 generated keys)
# Note 2: You can extract seed from KeyPair object by calling seed() method
#
# nkeys2.create_operator_pair()
# nkeys2.create_account_pair()
# nkeys2.create_user_pair()
# now we can create an abstraction above this seed for operator operations
op = Operator(seed=op_seed)
# `create_account` will create new seed, KeyPair, AccountClaims with issuer set to operator's public key
# also, `Account` snippet object has signer key pair as object attribute (`_skp`) and when jwt generation
# is done jwt automatically is signed by this key pair (and `iat` is also set to current time).
ac = op.create_account("my_account")
ac.claims.name = "rewrite_name"
ac.claims.nats.exports.append(Export("my_export", "MY.CUSTOM.SUBJECT.>"))
# JWT for any snippet is generated by calling `jwt` property-method
jwt: str = ac.jwt
# now we can verify this jwt by calling `verify` operator method
if op.verify(jwt):
print("account JWT is valid")
else:
# should not happen :D
print("account JWT is invalid")
us = ac.create_user("my_user")
if ac.verify(us.jwt):
print("user JWT is valid")
else:
# should not happen :D
print("user JWT is invalid")
```
## LICENSE
This library is licensed under the same LICENSE as the [NATS's go library](https://github.com/nats-io/jwt)