pyjwt

JSON Web Token implementation in Python

MIT License

Downloads
201.4M
Stars
4.9K
Committers
150
View Code on GitHub Visit Website View on X
Ecosystems: Python

Bot releases are hidden (Show)

pyjwt - 2.8.0 Latest Release

Published by jpadilla about 1 year ago

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.7.0...2.8.0

pyjwt - 2.7.0

Published by jpadilla over 1 year ago

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0

pyjwt - 2.6.0

Published by jpadilla almost 2 years ago

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0

pyjwt - 2.5.0

Published by jpadilla about 2 years ago

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0

pyjwt - 2.4.0

Published by jpadilla over 2 years ago

Security

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

pyjwt - 2.3.0

Published by jpadilla almost 3 years ago

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0

pyjwt - 2.2.0

Published by jpadilla about 3 years ago

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0

pyjwt - 2.1.0

Published by jpadilla over 3 years ago

Changelog

Changed

  • Allow claims validation without making JWT signature validation mandatory. #608

Fixed

  • Remove padding from JWK test data. #628
  • Make kty mandatory in JWK to be compliant with RFC7517. #624
  • Allow JWK without alg to be compliant with RFC7517. #624
  • Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. #645

Added

  • Add caching by default to PyJWKClient #611
  • Add missing exceptions.InvalidKeyError to jwt module __init__ imports #620
  • Add support for ES256K algorithm #629
  • Add from_jwk() to Ed25519Algorithm #621
  • Add to_jwk() to Ed25519Algorithm #643
  • Export PyJWK and PyJWKSet #652
pyjwt - 2.0.1

Published by jpadilla over 3 years ago

Changelog

Changed

  • Rename CHANGELOG.md to CHANGELOG.rst and include in docs #597

Fixed

  • Fix from_jwk() for all algorithms #598
pyjwt - v2.0.0

Published by jpadilla almost 4 years ago

Highlights

Introduce better experience for JWKs

Introduce PyJWK, PyJWKSet, and PyJWKClient.

import jwt
from jwt import PyJWKClient

token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"

jwks_client = PyJWKClient(url)
signing_key = jwks_client.get_signing_key_from_jwt(token)

data = jwt.decode(
    token,
    signing_key.key,
    algorithms=["RS256"],
    audience="https://expenses-api",
    options={"verify_exp": False},
)
print(data)

Support for JWKs containing ECDSA keys

Drop support for Python 2

Require cryptography >= 3

Drop support for PyCrypto and ECDSA

We've kept this around for a long time, mostly for environments that didn't allow installing cryptography.

Drop CLI

Dropped the included cli entry point.

Improve typings

We no longer need to use mypy Python 2 compatibility mode (comments)

Add support for Ed25519 / EdDSA

Changes

  • Add PyPy3 to the test matrix (#550) by @jdufresne
  • Require tweak (#280) by @psafont
  • Decode return type is dict[str, Any] (#393) by @jacopofar
  • Fix linter error in test_cli (#414) by @jaraco
  • Run mypy with tox (#421) by @jpadilla
  • Document (and prefer) pyjwt[crypto] req format (#426) by @gthb
  • Correct type for json_encoder argument (#438) by @jdufresne
  • Prefer https:// links where available (#439) by @jdufresne
  • Pass python_requires argument to setuptools (#440) by @jdufresne
  • Rename [wheel] section to [bdist_wheel] as the former is legacy (#441) by @jdufresne
  • Remove setup.py test command in favor of pytest and tox (#442) by @jdufresne
  • Fix mypy errors (#449) by @jpadilla
  • DX Tweaks (#450) by @jpadilla
  • Add support of python 3.8 (#452) by @Djailla
  • Fix 406 (#454) by @justinbaur
  • Add support for Ed25519 / EdDSA, with unit tests (#455) by @Someguy123
  • Remove Python 2.7 compatibility (#457) by @Djailla
  • Fix simple typo: encododed -> encoded (#462) by @timgates42
  • Enhance tracebacks. (#477) by @JulienPalard
  • Simplify python_requires (#478) by @michael-k
  • Document top-level .encode and .decode to close #459 (#482) by @dimaqq
  • Improve documentation for audience usage (#484) by @CorreyL
  • Correct README on how to run tests locally (#489) by @jdufresne
  • Fix tox -e lint warnings and errors (#490) by @jdufresne
  • Run pyupgrade across project to use modern Python 3 conventions (#491) by @jdufresne
  • Add Python-3-only trove classifier and remove "universal" from wheel (#492) by @jdufresne
  • Emit warnings about user code, not pyjwt code (#494) by @mgedmin
  • Move setup information to declarative setup.cfg (#495) by @jdufresne
  • CLI options for verifying audience and issuer (#496) by @GeoffRichards
  • Specify the target Python version for mypy (#497) by @jdufresne
  • Remove unnecessary compatibility shims for Python 2 (#498) by @jdufresne
  • Setup GH Actions (#499) by @jpadilla
  • Implementation of ECAlgorithm.from_jwk (#500) by @jpadilla
  • Remove cli entry point (#501) by @jpadilla
  • Expose InvalidKeyError on jwt module (#503) by @russellcardullo
  • Avoid loading token twice in pyjwt.decode (#506) by @CaselIT
  • Default links to stable version of documentation (#508) by @salcedo
  • Update README.md badges (#510) by @jpadilla
  • Introduce better experience for JWKs (#511) by @jpadilla
  • Fix tox conditional extras (#512) by @jpadilla
  • Return tokens as string not bytes (#513) by @jpadilla
  • Drop support for legacy contrib algorithms (#514) by @jpadilla
  • Drop deprecation warnings (#515) by @jpadilla
  • Update Auth0 sponsorship link (#519) by @Sambego
  • Update return type for jwt.encode (#521) by @moomoolive
  • Run tests against Python 3.9 and add trove classifier (#522) by @michael-k
  • Removed redundant default_backend() (#523) by @rohitkg98
  • Documents how to use private keys with passphrases (#525) by @rayluo
  • Update version to 2.0.0a1 (#528) by @jpadilla
  • Fix usage example (#530) by @nijel
  • add EdDSA to docs (#531) by @CircleOnCircles
  • Remove support for EOL Python 3.5 (#532) by @jdufresne
  • Upgrade to isort 5 and adjust configurations (#533) by @jdufresne
  • Remove unused argument "verify" from PyJWS.decode() (#534) by @jdufresne
  • Update typing syntax and usage for Python 3.6+ (#535) by @jdufresne
  • Run pyupgrade to simplify code and use Python 3.6 syntax (#536) by @jdufresne
  • Drop unknown pytest config option: strict (#537) by @jdufresne
  • Upgrade black version and usage (#538) by @jdufresne
  • Remove "Command line" sections from docs (#539) by @jdufresne
  • Use existing key_path() utility function throughout tests (#540) by @jdufresne
  • Replace force_bytes()/force_unicode() in tests with literals (#541) by @jdufresne
  • Remove unnecessary Unicode decoding before json.loads() (#542) by @jdufresne
  • Remove unnecessary force_bytes() calls priot to base64url_decode() (#543) by @jdufresne
  • Remove deprecated arguments from docs (#544) by @jdufresne
  • Update code blocks in docs (#545) by @jdufresne
  • Refactor jwt/jwks_client.py without requests dependency (#546) by @jdufresne
  • Tighten bytes/str boundaries and remove unnecessary coercing (#547) by @jdufresne
  • Replace codecs.open() with builtin open() (#548) by @jdufresne
  • Replace int_from_bytes() with builtin int.from_bytes() (#549) by @jdufresne
  • Enforce .encode() return type using mypy (#551) by @jdufresne
  • Prefer direct indexing over options.get() (#552) by @jdufresne
  • Cleanup "noqa" comments (#553) by @jdufresne
  • Replace merge_dict() with builtin dict unpacking generalizations (#555) by @jdufresne
  • Do not mutate the input payload in PyJWT.encode() (#557) by @jdufresne
  • Use direct indexing in PyJWKClient.get_signing_key_from_jwt() (#558) by @jdufresne
  • Split PyJWT/PyJWS classes to tighten type interfaces (#559) by @jdufresne
  • Simplify mocked_response test utility function (#560) by @jdufresne
  • Autoupdate pre-commit hooks and apply them (#561) by @jdufresne
  • Remove unused argument "payload" from PyJWS._verify_signature() (#562) by @jdufresne
  • Add utility functions to assist test skipping (#563) by @jdufresne
  • Type hint jwt.utils module (#564) by @jdufresne
  • Prefer ModuleNotFoundError over ImportError (#565) by @jdufresne
  • Fix tox "manifest" environment to pass (#566) by @jdufresne
  • Fix tox "docs" environment to pass (#567) by @jdufresne
  • Simplify black configuration to be closer to upstream defaults (#568) by @jdufresne
  • Use generator expressions (#569) by @jdufresne
  • Simplify from_base64url_uint() (#570) by @jdufresne
  • Drop lint environment from GitHub actions in favor of pre-commit.ci (#571) by @jdufresne
  • [pre-commit.ci] pre-commit autoupdate (#572)
  • Simplify tox configuration (#573) by @jdufresne
  • Combine identical test functions using pytest.mark.parametrize() (#574) by @jdufresne
  • Complete type hinting of jwks_client.py (#578) by @jdufresne

Thanks to all that helped made this release happen one way or another. Special shout out to @jdufresne for all the amazing work getting this project into tip-top shape.

pyjwt - 2.0.0a2

Published by jpadilla almost 4 years ago

pyjwt - 2.0.0a1

Published by jpadilla almost 4 years ago

pyjwt - v1.7.1

Published by jpadilla almost 6 years ago

Fixed

  • Update test dependencies with pinned ranges (b65e1ac6dc4d11801f3642eaab34ae6a54162c18)
  • Fix pytest deprecation warnings (b65e1ac6dc4d11801f3642eaab34ae6a54162c18)
pyjwt - v1.7.0

Published by jpadilla almost 6 years ago

Changed

  • Remove CRLF line endings #353

Fixed

  • Update usage.rst #360

Added

  • Support for Python 3.7 #375 #379 #384
pyjwt - v1.6.4

Published by jpadilla over 6 years ago

Fixed

  • Reverse an unintentional breaking API change to .decode() #352
pyjwt - v1.6.3

Published by jpadilla over 6 years ago

Note: I accidentally published v1.6.2 and removed it from PyPI, that's why the jump to v1.6.3

Changed

  • All exceptions inherit from PyJWTError #340

Added

  • Add type hints #344
  • Add help module 7ca41e53b3d7d9f5cd31bdd8a2b832d192006239

Docs

  • Added section to usage docs for jwt.get_unverified_header() #350
  • Update legacy instructions for using pycrypto #337
pyjwt - v1.6.1

Published by jpadilla over 6 years ago

Fixed

  • Audience parameter throws InvalidAudienceError when application does not specify an audience, but the token does. #336
pyjwt - v1.6.0

Published by jpadilla over 6 years ago

Changed

  • Dropped support for python 2.6 and 3.3 #301
  • An invalid signature now raises an InvalidSignatureError instead of DecodeError #316

Fixed

  • Fix over-eager fallback to stdin #304

Added

  • Audience parameter now supports iterables #306
pyjwt - v1.5.3

Published by jpadilla about 7 years ago

Changed

  • Increase required version of the cryptography package to >=1.4.0.

Fixed

  • Remove uses of deprecated functions from the cryptography package.
  • Warn about missing algorithms param to decode() only when verify param is True #281
pyjwt - v1.5.2

Published by jpadilla over 7 years ago

Fixed

  • Ensure correct arguments order in decode super call 7c1e61d
Package Rankings
Top 3.24% on Alpine-v3.15
Top 9.27% on Anaconda.org
Top 6.37% on Alpine-v3.10
Top 4.61% on Alpine-v3.9
Top 3.04% on Alpine-v3.16
Top 6.43% on Alpine-v3.12
Top 3.59% on Conda-forge.org
Top 0.68% on Pypi.org
Top 3.48% on Alpine-v3.13
Top 2.61% on Alpine-edge
Top 1.5% on Alpine-v3.18
Top 6.73% on Alpine-v3.11
Top 3.05% on Alpine-v3.14
Top 3.37% on Alpine-v3.17
Top 2.8% on Spack.io
Related Projects
security_interface

Simple API for authentication and authorization.

24 Oct 2018 5
authx

Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ✨

23 Aug 2021 706
python-jwt

JSON Web Token library for Python

11 Apr 2014 132
jwt_tool

A toolkit for testing, tweaking and cracking JSON Web Tokens

23 Jan 2017 5,305
fastapi-graphql

FastAPI backend using GraphQL API

26 Jun 2024 1
pyauth0

Python utilities for Auth0

27 Apr 2022 1
fastapi-jwt-auth

FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)

23 Jul 2020 642
Flask-EasyJWT

Super simple JSON Web Tokens for Flask

07 May 2019 0
fastapi-jwt

FastAPI native extension, easy and simple JWT auth

02 Dec 2021 123
fastapi-jwt-auth3

JWT authentication in FastAPI with ease

07 Jun 2024 2
djangorestframework-simplejwt

A JSON Web Token authentication plugin for the Django REST Framework.

05 May 2017 3,949
jwtcrack

Crack the shared secret of a HS256-signed JWT

24 Aug 2016 199
python-jose

A JOSE implementation in Python

20 Apr 2015 1,489