├── .gitignore
├── .ssh
    └── example_id_rsa.pub
├── README.md
├── examples
    ├── create_jwt_hs256.py
    ├── create_jwt_rs256_ssh.py
    ├── handle_expired_error_jwt.py
    ├── verify_jwt_hs256.py
    └── verify_jwt_rs256_ssh.py
└── requirements.txt

/.gitignore:
--------------------------------------------------------------------------------
id_rsa
--------------------------------------------------------------------------------
/.ssh/example_id_rsa.pub:
--------------------------------------------------------------------------------
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDYa+ji/dNBhiqYt1/pDAjRSVhZYPZuvJok2xmVskO0gj/TdFPrDy8P+xiEggedsjrVaeGmyE1fRaq0be8olQbk9pEgYiWG/sdb301lJ1DSgSHxkd0zMi80LVlIeRp/0TFmSMG+xBiUuBpR02/XycV7FFZN8X0tERbAbaBtXEx5QQfI39VTjjcZK32nZnJVSQch+A78neehPY0ESYVbor6h29uJHLkZWPJ3bFiMmbPXRA38q7wCDkqYhSddIRFWK8E1aH2jLcSkvNc2IjE9hj91E2AJlNV0APpRlUUCiecTuIaOL4LyHIzdz+TH4owy0qI2XLtxXHLPmcPtSvxfdtPNMBpGKLAmVtZs0gZGf2TxhpEC9pQMv5xAzmlU6R2DUsetSFrKuOtO+mkbiQVPc00fo/KDwqRL1iabQrWMA+4hfG9euZ96CpxCcbaFOG+6mp116jmuo9CVxFxP/gJoDn1oIUJpIVrOlfNJTgLEq48bMEjJPVd3HiU8QKIfd+0u2PU= jesstemporal@C02DX6FHMD6N
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Code Samples: Using PyJWT to Verify and Create JWTs

This repo contains the code used in the ["How To Handle JWTs in Python"](https://auth0.com/blog/how-to-handle-jwt-in-python) blog post. Check it out to learn how to create and verify JWTs using Python and PyJWT. ;)

## Prerequisites

- Python >= 3.6

## Setup

Grab the repo and install the dependencies.

```bash
git clone git@github.com:auth0-blog/jwts-in-python.git
cd jwts-in-python
python3 -m venv .env
source .env/bin/activate
pip install -U pip
pip install -r requirements.txt
```

You'll also need to copy a pair of public/private SSH RSA keys into the `.ssh` folder. Currently there is a public example key in there, used by the `examples/verify_jwt_rs256_ssh.py` file, but to use `examples/create_jwt_rs256_ssh.py` you'll need either a private key under the `.ssh` folder or to adjust the path to a preexisting folder.

In case you want to generate new keys [you'll find instructions here](https://auth0.com/blog/how-to-handle-jwt-in-python/#Generating-a-RSA-Key-Pair).

## Running scripts

```console
python examples/verify_jwt_rs256_ssh.py
```

## Scripts Description

| Script | Description |
| ------ | ----------- |
| `examples/create_jwt_hs256.py` | Creates and prints out a JWT using the **HS256** algorithm |
| `examples/create_jwt_rs256_ssh.py` | Creates and prints out a JWT using the **RS256** algorithm |
| `examples/handle_expired_error_jwt.py` | Tries to decode an expired token and prints out the error elegantly when it fails |
| `examples/verify_jwt_hs256.py` | Verifies and prints out the payload of a JWT signed with the **HS256** algorithm |
| `examples/verify_jwt_rs256_ssh.py` | Verifies and prints out the payload of a JWT signed with the **RS256** algorithm |

## Wrapping up

If you ran into any issues, reach out in the [comments of the blog post](https://auth0.com/blog/how-to-handle-jwt-in-python) or [feel free to tweet me](https://twitter.com/jesstemporal). Thanks!
--------------------------------------------------------------------------------
/examples/create_jwt_hs256.py:
--------------------------------------------------------------------------------
import jwt


payload_data = {
    'sub': '4242',
    'name': 'Jessica Temporal',
    'nickname': 'Jess'
}

secret = 'my_super_secret'
# HS256 is PyJWT's default algorithm; naming it makes the choice explicit
token = jwt.encode(payload=payload_data, key=secret, algorithm='HS256')
print(token)
--------------------------------------------------------------------------------
/examples/create_jwt_rs256_ssh.py:
--------------------------------------------------------------------------------
import jwt

from cryptography.hazmat.primitives import serialization


payload_data = {
    'sub': '4242',
    'name': 'Jessica Temporal',
    'nickname': 'Jess'
}

# you'll need to create or update the path to correspond to an available key
with open('.ssh/id_rsa', 'rb') as key_file:
    private_key = key_file.read()
key = serialization.load_ssh_private_key(private_key, password=b'')

token = jwt.encode(payload=payload_data, key=key, algorithm='RS256')
print(token)
--------------------------------------------------------------------------------
/examples/handle_expired_error_jwt.py:
--------------------------------------------------------------------------------
import jwt

from jwt.exceptions import ExpiredSignatureError


token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0MiIsIm5hbWUiOiJKZXNzIFRlbXBvcmFsIiwiZXhwIjoxNTE2MjM5MDIyfQ.uqeQ60enLaCQEZ-7C0d_cgQSrWfgXRQuoB1LZD0j06E'

secret = 'my_super_secret'

try:
    payload = jwt.decode(
        token,
        key=secret,
        # pin the expected algorithm instead of reading it from the
        # token's own unverified header
        algorithms=['HS256', ]
    )
except ExpiredSignatureError as error:
    print(f'Unable to decode the token, error: {error}')
--------------------------------------------------------------------------------
/examples/verify_jwt_hs256.py:
--------------------------------------------------------------------------------
import jwt


token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6Ikplc3NpY2EgVGVtcG9yYWwiLCJuaWNrbmFtZSI6Ikplc3MifQ.EDkUUxaM439gWLsQ8a8mJWIvQtgZe0et3O3z4Fd_J8o'
secret = 'my_super_secret'

payload_data = jwt.decode(
    token,
    key=secret,
    # pin the expected algorithm instead of reading it from the
    # token's own unverified header
    algorithms=['HS256', ]
)
print(payload_data)
--------------------------------------------------------------------------------
/examples/verify_jwt_rs256_ssh.py:
--------------------------------------------------------------------------------
import jwt

from cryptography.hazmat.primitives import serialization


with open('.ssh/example_id_rsa.pub', 'rb') as key_file:
    public_key = key_file.read()
key = serialization.load_ssh_public_key(public_key)

token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6Ikplc3NpY2EgVGVtcG9yYWwiLCJuaWNrbmFtZSI6Ikplc3MifQ.HgHJPl6b5W0CiDz4cNuyRcs5B3KgaoRbMvZBgCkcXOSOCAc0m7R10tSm6d86u8oW8NgzGoIAlKxBw0CIPhdx5N7MWTE2gshzQqhuq5MB9tNX1pYrLsiOMbibeMasvcf97Kd3JiLAzPPJe6XXB4PNL4h_4RcW6aCgUlRhGMPx1eRkGxAu6ndp5zzWiHQH2KVcpdVVdAwbTznLv3OLvcZqSZj_zemj__IAZPMkBBnhdjYPn-44p9-xrNmFZ9qBth4Ps1ZC1_A6lH77Mi1zb48Ou60SUT1-dhKLU09yY3IX8Pas6xtH6NbZ-e3FxjofO_OL47p25CvdqMYW50JVit2tjU6yzaoXde8JV3J40xuQqwZeP6gsClPJTdA-71PBoAYbjz58O-Aae8OlxfWZyPsyeCPQhog5KjwqsgHUQZp2zIE0Y50CEfoEzsSLRUbIklWNSP9_Vy3-pQAKlEpft0F-xP-fkSf9_AC4-81gVns6I_j4kSuyuRxlAJBe3pHi-yS2'
# the header is read before verification: fine to print,
# but not used to choose the accepted algorithm
header_data = jwt.get_unverified_header(token)

# verify with the loaded key object and a pinned algorithm
payload_data = jwt.decode(jwt=token, key=key, algorithms=['RS256', ])
print('header: ', header_data)
print('payload: ', payload_data)
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
PyJWT[crypto]==2.1.0
--------------------------------------------------------------------------------
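
Added example, not part of this repository: a stricter take on the verify and expired-token scripts that fixes the accepted algorithm in the verifier, requires the `exp` and `sub` claims, and maps PyJWT's exception classes to rejection reasons. `SECRET`, `ALLOWED_ALGORITHMS`, `make_token` and `verify` are names made up for this example, and all tokens are constructed at run time.

```python
import time

import jwt
from jwt.exceptions import (ExpiredSignatureError, InvalidAlgorithmError,
                            InvalidSignatureError, InvalidTokenError,
                            MissingRequiredClaimError)

# Constructed demo key (assumption); real keys belong in a secret store.
SECRET = b'constructed-demo-secret-do-not-reuse-0123456789abcdef'
# Fixed by the verifier, never taken from the token's unverified header.
ALLOWED_ALGORITHMS = ['HS256']


def make_token(claims, key=SECRET, algorithm='HS256'):
    """Sign constructed sample claims (hypothetical helper for the demo)."""
    return jwt.encode(claims, key, algorithm=algorithm)


def verify(token, key=SECRET):
    """Return (payload, None) when accepted, (None, reason) when rejected."""
    try:
        payload = jwt.decode(
            token,
            key=key,
            algorithms=ALLOWED_ALGORITHMS,
            options={'require': ['exp', 'sub']},
        )
        return payload, None
    except ExpiredSignatureError:
        return None, 'expired'
    except InvalidAlgorithmError:
        return None, 'algorithm not allowed'
    except InvalidSignatureError:
        return None, 'bad signature'
    except MissingRequiredClaimError as error:
        return None, f'missing claim: {error.claim}'
    except InvalidTokenError:  # base class: malformed or otherwise invalid
        return None, 'invalid token'


if __name__ == '__main__':
    now = int(time.time())
    claims = {'sub': '4242', 'name': 'Jessica Temporal', 'exp': now + 300}
    print(verify(make_token(claims)))
    print(verify(make_token({**claims, 'exp': now - 300})))
    print(verify(make_token(claims, algorithm='HS384')))
```

PyJWT checks the signature before the claims, so a token that is both expired and signed with the wrong key is reported as a bad signature.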