Python pyjwt


pyjwt encodes and decodes JSON Web Tokens (JWT), which are used for token-based authentication. They are stateless.

Documentation

pyjwt docs https://pyjwt.readthedocs.io/en/latest/
RFC 7519 (jwt) https://tools.ietf.org/html/rfc7519
personal jwt notes jwt


Usage

import time

import jwt

secret = 'my-serverside-secret'
now = int(time.time())
data = {
    "iss": "auth.domain.com",  # (issuer)
    "iat": now,                # (issued at) seconds-since-epoch
    "nbf": now,                # (not-before) seconds-since-epoch
    "exp": now + 3600,         # (expires at) seconds-since-epoch, example lifetime of one hour
    "sub": "username",         # (subject) id/uri uniquely identifying recipient of token
    "aud": "sub.domain.com",   # (audience) where is this token valid for?
    # you may also add your own keys
}
token = jwt.encode(data, secret, algorithm='HS256')

# verify and decode: checks signature, exp/nbf/iat, and the "aud" claim against audience=
data = jwt.decode(token, secret, algorithms=['HS256'], audience='sub.domain.com')

# decode without verifying data (pyjwt 2.x replaced verify=False with this option);
# the result is untrusted and must not be used for authorization decisions
data = jwt.decode(token, options={'verify_signature': False})
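
As an added illustration (not part of the original notes and not pyjwt's own code), this standard-library sketch shows what separates the two decode calls above for HS256: reading the payload needs no secret, while the verified path recomputes the HMAC and checks exp, nbf and aud. The function names, the fixed clock and the secret are constructed for the example, and the claim policy in `verify_hs256` is an assumption of the sketch.

```python
import base64, hashlib, hmac, json, time

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def read_unverified(token: str) -> dict:
    # No secret involved: the payload is only base64url-encoded JSON.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, secret: bytes, audience: str, now=None) -> dict:
    header_b64, payload_b64, sig_b64 = token.split(".")
    # Pin the algorithm on the server side; never follow the token's header.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    # Policy assumed for this sketch: exp and a single string aud are required.
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    if now < claims.get("nbf", 0):
        raise ValueError("not yet valid")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims

def with_subject(token: str, new_sub: str) -> str:
    # Constructed tampering: edit the payload but keep the old signature.
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = dict(json.loads(b64url_decode(payload_b64)), sub=new_sub)
    return ".".join([header_b64, b64url(json.dumps(claims).encode()), sig_b64])

NOW = 1_700_000_000  # constructed fixed clock so the demo is deterministic
SECRET = b"constructed-demo-secret-32-bytes!"  # constructed, not a real key
TOKEN = sign_hs256({"iss": "auth.domain.com", "iat": NOW, "nbf": NOW,
                    "exp": NOW + 3600, "sub": "username",
                    "aud": "sub.domain.com"}, SECRET)
```

A payload edited with `with_subject` still parses in `read_unverified`, but `verify_hs256` rejects it, which is why output from an unverified decode should only ever be used for inspection.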