Python pyjwt
From wikinotes
pyjwt tokens are used for token-based authentication. they are stateless.
Documentation
pyjwt docs https://pyjwt.readthedocs.io/en/latest/ RFC 7519 (jwt) https://tools.ietf.org/html/rfc7519 personal jwt notes jwt
Usage
import jwt secret = 'my-serverside-secret' data = { "iss": "auth.domain.com", # (issuer) "iat": 15555555555555.000000, # (issued at) seconds-since-epoch "nbf": 15555555555555.000000, # (not-before) seconds-since-epoch "exp": 15555555555555.000000, # (expires at) seconds-since-epoch "sub": "username", # (subject) id/uri uniquely identifing recipient of token "aud": "sub.domain.com", # (audience) where is this token valid for? # you may also add your own keys } token = jwt.encode(data, secret, algorithm='HS256') data = jwt.decode(data, secret, algorithms=['HS256']) # verify and decode data = jwt.decode(data, verify=False) # decode without verifing data