Python JSON Web Tokens : Implementation and Tutorial
Link to repository : https://github.com/fossasia/badgeyay
Tutorial : Python JSON Web Tokens
What is JWT?
JWT or JSON Web Tokens is a compact, URL-safe means of representing claims between two parties. The claim between the parties is often encoded as a payload onto the JWT and which is further signed using a SECRET_KEY.
JWT for Web Developers
The most interesting usage of JWT is in the field of Web Development.
I have been developing Web Applications for quite a long time now. Recently I was supposed to build an API for an Open Source Project which required me to handle User sessions. The stack I am using is:
- Python
- Flask Blueprint
- PostgreSQL
- JSON Web Tokens
Installing PyJWT
gabru-md ~ $ pip install pyjwt
Using JWT
Implementing or using JSON web tokens is very easy. All we need to understand is how it works.
A JWT consists of a payload which is protected using a SECRET_KEY. A JWT has tow main functions
- jwt.encode
- jwt.decode
Let us begin by encoding some stuff into our JSON Web Token
- Fire up your terminal & open Python
gabru-md ~ $ python
- Import
jwtlibrary intopython shell
import jwt
import datetime
- Create your payload
For our use case we want to generate a JWT for a logged in user into our system. So we will embedd the user details as well as an expiration time into our JSON Web Token.
payload = {
"user": user.username,
"exp": datetime.datetime.utcnow() + datetime.timedelta(seconds=900)
}
- Now we will create a
SECRET_KEYfor ourJWT
The secret key in our case will be out Flask'sSECRET_KEY. To create one, just follow the steps below.
from flask import Flask
app = Flask(__name__)
app.config['SECRET_KEY'] = 'somesuperrandomsecretkeynoonecancrack'
- Encode your JWT with the
SECRET_KEY
token = jwt.encode(payload, app.config.get('SECRET_KEY')
- View your token generated
print(token.decode('UTF-8'))
Output will be something like
u'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibWFuaXNoIn0.JX4_nxeJAY8lOSrTiyzU43eKt-qEWXtNhkPwfLWanUY'
Congratulations , Now you have your very own JSON Web Token for your User, which will expire in exactly 900 seconds or 15 minutes :)
I hope to write another blog on Authentication using JWT very soon. Please let me know If you like this post .
Thank you for reading :)
My Github : github@gabru-md
Link to my PR : here
Leave Python JSON Web Tokens : Implementation and Tutorial to:
Read more #utopian-io posts
Best Posts From gabrum
We have not curated any of gabrum's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From gabrum
- Redirecting Messaged and Admin Functionality in Badgeyay
- My Badges component in Badgeyay
- One for the beauty
- JSON API and schemas in Badgeyay
- Badgeyay : Adding tokens for firebase authentication
- Fixing Bug in Github Linguist
- Neural Network Web Page Scroller TFJS
- Flask Blueprint : Image and File Upload API - Tutorial
- Python JSON Web Tokens : Implementation and Tutorial
- Adding Simple GTK 3.0+ GUI to Livewall