tessl/pypi-pyjwt
JSON Web Token implementation in Python with support for JWT, JWS, JWK, and JWKS
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-pyjwt@2.10.00
# PyJWT
1
2
A comprehensive Python library for JSON Web Token (JWT) implementation providing secure token-based authentication and authorization. PyJWT supports complete RFC 7519 standard with encoding, decoding, and validation using various cryptographic algorithms including HMAC, RSA, ECDSA, and EdDSA signatures.
3
4
## Package Information
5
6
- **Package Name**: PyJWT
7
- **Language**: Python
8
- **Installation**: `pip install PyJWT` (basic HMAC) or `pip install PyJWT[crypto]` (full cryptographic support)
9
10
## Core Imports
11
12
```python
13
import jwt
14
```
15
16
Common usage imports:
17
18
```python
19
from jwt import encode, decode, PyJWT
20
from jwt.exceptions import InvalidTokenError, ExpiredSignatureError
21
```
22
23
## Basic Usage
24
25
```python
26
import jwt
27
from datetime import datetime, timedelta, timezone
28
29
# Encode a JWT
30
payload = {
31
'user_id': 123,
32
'exp': datetime.now(tz=timezone.utc) + timedelta(hours=1)
33
}
34
token = jwt.encode(payload, 'your-secret-key', algorithm='HS256')
35
36
# Decode and verify a JWT
37
try:
38
decoded = jwt.decode(token, 'your-secret-key', algorithms=['HS256'])
39
print(f"User ID: {decoded['user_id']}")
40
except jwt.ExpiredSignatureError:
41
print("Token has expired")
42
except jwt.InvalidTokenError:
43
print("Invalid token")
44
```
45
46
## Architecture
47
48
PyJWT provides a layered architecture for JWT operations:
49
50
- **JWT Layer**: High-level JWT encoding/decoding with claim validation (PyJWT class)
51
- **JWS Layer**: Lower-level JSON Web Signature operations (PyJWS class)
52
- **JWK Layer**: JSON Web Key handling and cryptographic key abstraction (PyJWK, PyJWKSet)
53
- **JWKS Client**: HTTP client for fetching and caching remote key sets (PyJWKClient)
54
- **Algorithm Support**: Pluggable cryptographic algorithm system with HMAC, RSA, ECDSA, EdDSA
55
56
This design enables secure token operations across web frameworks, API services, and microservices with comprehensive claim validation, flexible key management, and extensive algorithm support.
57
58
## Capabilities
59
60
### JWT Operations
61
62
Core JWT encoding and decoding functionality with automatic claim validation, expiration checking, and signature verification. Supports standard claims (exp, nbf, iat, aud, iss, sub) and custom payloads.
63
64
```python { .api }
65
def encode(payload: dict, key: str | bytes, algorithm: str = 'HS256',
66
headers: dict = None, json_encoder = None) -> str: ...
67
def decode(jwt: str | bytes, key: str | bytes = '', algorithms: list = None,
68
options: dict = None, audience: str = None, issuer: str = None,
69
leeway: float = 0) -> dict: ...
70
class PyJWT:
71
def __init__(self, options: dict = None): ...
72
def encode(self, payload: dict, key, algorithm: str = None,
73
headers: dict = None) -> str: ...
74
def decode(self, jwt: str | bytes, key = '', algorithms: list = None,
75
options: dict = None) -> dict: ...
76
```
77
78
[JWT Operations](./jwt-operations.md)
79
80
### JWS Operations
81
82
Lower-level JSON Web Signature operations for signing and verifying arbitrary payloads. Provides direct access to the signature layer without JWT-specific claim validation.
83
84
```python { .api }
85
class PyJWS:
86
def __init__(self, algorithms: list = None, options: dict = None): ...
87
def encode(self, payload: bytes, key, algorithm: str = None,
88
headers: dict = None) -> str: ...
89
def decode(self, jws: str | bytes, key = '', algorithms: list = None,
90
options: dict = None) -> bytes: ...
91
def get_unverified_header(self, jwt: str | bytes) -> dict: ...
92
```
93
94
[JWS Operations](./jws-operations.md)
95
96
### JSON Web Keys (JWK)
97
98
JSON Web Key handling and cryptographic key abstraction supporting RSA, ECDSA, EdDSA, and symmetric keys. Provides key parsing, validation, and algorithm detection.
99
100
```python { .api }
101
class PyJWK:
102
def __init__(self, jwk_data: dict, algorithm: str = None): ...
103
@staticmethod
104
def from_dict(obj: dict, algorithm: str = None) -> 'PyJWK': ...
105
@staticmethod
106
def from_json(data: str, algorithm: str = None) -> 'PyJWK': ...
107
@property
108
def key_type(self) -> str: ...
109
@property
110
def key_id(self) -> str: ...
111
112
class PyJWKSet:
113
def __init__(self, keys: list): ...
114
@staticmethod
115
def from_dict(obj: dict) -> 'PyJWKSet': ...
116
@staticmethod
117
def from_json(data: str) -> 'PyJWKSet': ...
118
def __getitem__(self, kid: str) -> PyJWK: ...
119
```
120
121
[JSON Web Keys](./jwk-operations.md)
122
123
### JWKS Client
124
125
HTTP client for fetching and caching JSON Web Key Sets from remote endpoints. Supports automatic key refresh, caching strategies, and integration with JWT verification.
126
127
```python { .api }
128
class PyJWKClient:
129
def __init__(self, uri: str, cache_keys: bool = False,
130
max_cached_keys: int = 16, cache_jwk_set: bool = True,
131
lifespan: int = 300, headers: dict = None,
132
timeout: int = 30): ...
133
def get_signing_key(self, kid: str) -> PyJWK: ...
134
def get_signing_key_from_jwt(self, token: str) -> PyJWK: ...
135
def get_jwk_set(self, refresh: bool = False) -> PyJWKSet: ...
136
```
137
138
[JWKS Client](./jwks-client.md)
139
140
### Algorithm Management
141
142
Cryptographic algorithm registration and management system supporting custom algorithms and algorithm whitelisting for security.
143
144
```python { .api }
145
def register_algorithm(alg_id: str, alg_obj) -> None: ...
146
def unregister_algorithm(alg_id: str) -> None: ...
147
def get_algorithm_by_name(alg_name: str): ...
148
def get_unverified_header(jwt: str | bytes) -> dict: ...
149
```
150
151
[Algorithm Management](./algorithm-management.md)
152
153
## Exception Types
154
155
```python { .api }
156
class PyJWTError(Exception):
157
"""Base class for all PyJWT exceptions"""
158
159
class InvalidTokenError(PyJWTError):
160
"""Invalid token format or structure"""
161
162
class DecodeError(InvalidTokenError):
163
"""Token parsing or decoding errors"""
164
165
class InvalidSignatureError(DecodeError):
166
"""Signature verification failed"""
167
168
class ExpiredSignatureError(InvalidTokenError):
169
"""Token has expired (exp claim)"""
170
171
class ImmatureSignatureError(InvalidTokenError):
172
"""Token not yet valid (nbf/iat claims)"""
173
174
class InvalidAudienceError(InvalidTokenError):
175
"""Audience claim validation failed"""
176
177
class InvalidIssuerError(InvalidTokenError):
178
"""Issuer claim validation failed"""
179
180
class MissingRequiredClaimError(InvalidTokenError):
181
"""Required claim missing from token"""
182
183
class InvalidSubjectError(InvalidTokenError):
184
"""Subject claim validation failed"""
185
186
class InvalidJTIError(InvalidTokenError):
187
"""JWT ID claim validation failed"""
188
189
class PyJWKError(PyJWTError):
190
"""JSON Web Key related errors"""
191
192
class MissingCryptographyError(PyJWKError):
193
"""Cryptography library required for asymmetric algorithms"""
194
195
class PyJWKClientError(PyJWTError):
196
"""JWKS client errors"""
197
```