David's Blog

Using PyJWT for JSON Web Token Authentication in Python

By David Li on 2023-07-07T00:01:07.000Z

Using PyJWT for JSON Web Token Authentication in Python

In this article, we will discuss JSON Web Tokens (JWT) and how to use the PyJWT library to encode and decode JWTs in your Python applications. JWTs are widely used for authentication and authorization purposes in web applications, and PyJWT is a popular library for handling JWTs in Python.

What are JSON Web Tokens?

JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims to be transferred between two parties. They are often used for authentication and authorization in web applications. JWTs consist of three parts: a header, a payload, and a signature. The header and payload are Base64Url-encoded JSON strings, and they are concatenated with a period (’.’) separator. Then, the resulting string is signed to produce the signature.

header.payload.signature

The header typically contains information about the token’s type and the signing algorithm being used. For example:

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

The payload, also known as the claim set, contains the actual data being transferred. It usually includes information about the user (subject), issuer, expiration time, and other custom claims.

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Signature

The signature is created by taking the encoded header, the encoded payload, a secret key, and applying the signing algorithm specified in the header. The signature is used to verify the integrity of the token and ensure that it has not been tampered with.

PyJWT Library

PyJWT is a Python library that allows you to encode and decode JSON Web Tokens using various algorithms. You can install it using pip:

pip install PyJWT

Encoding a JWT

To create a JWT using the PyJWT library, you can use the jwt.encode() function. Here’s an example:

import jwt

payload = {
    "sub": "1234567890",
    "name": "John Doe",
    "iat": 1516239022
}

secret = "my_secret_key"

encoded_jwt = jwt.encode(payload, secret, algorithm="HS256")

print(encoded_jwt)

This will output the encoded JWT string:

b'eyJ0eXAiOiAiSldUIiwgImFsZyI6ICAiSFMyNTYifQ.eyJzdWIiOiAiMTIzNDU2Nzg5MCIsICJuYW1lIjogIkpvaG4gRG9lIiwgImlhdCI6IDE1MTYyMzkwMjJ9.8KjYbCkYelzOHwLSqbhj3rWGEJv3NQX9ATxXwx8QfWg'

Decoding a JWT

To decode a JWT, you can use the jwt.decode() function:

import jwt

encoded_jwt = b'eyJ0eXAiOiAiSldUIiwgImFsZyI6ICAiSFMyNTYifQ.eyJzdWIiOiAiMTIzNDU2Nzg5MCIsICJuYW1lIjogIkpvaG4gRG9lIiwgImlhdCI6IDE1MTYyMzkwMjJ9.8KjYbCkYelzOHwLSqbhj3rWGEJv3NQX9ATxXwx8QfWg'

secret = "my_secret_key"

decoded_jwt = jwt.decode(encoded_jwt, secret, algorithms=["HS256"])

print(decoded_jwt)

This will output the decoded payload:

{'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022}

Error Handling

While decoding a JWT, various exceptions might be raised, such as ExpiredSignatureError, InvalidSignatureError, or DecodeError. It’s essential to handle these exceptions in your application to ensure robustness.

import jwt
from jwt.exceptions import InvalidSignatureError, ExpiredSignatureError, DecodeError

try:
    decoded_jwt = jwt.decode(encoded_jwt, secret, algorithms=["HS256"])
except InvalidSignatureError:
    print("Invalid signature.")
except ExpiredSignatureError:
    print("Token has expired.")
except DecodeError:
    print("Token could not be decoded.")

Conclusion

In this article, we have covered JSON Web Tokens and how to use the PyJWT library for encoding and decoding JWTs in your Python applications. JWTs are a popular choice for authentication and authorization in web applications, and PyJWT provides a simple and effective way to handle JWTs in Python.

© Copyright 2024 by FriendlyUsers Tech Blog. Built with ♥ by FriendlyUser. Last updated on 2024-02-20.