安装
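# An exact version pin needs "=="; pip rejects a single "=" as an invalid requirement.
pip install pyjwt==2.8.0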
基本使用
使用HS256算法
import jwt
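# Demo-only signing key. A real HS256 key should be a long random secret
# loaded from configuration or a secret store, never a literal in source.
key = "secret"

# Sign the claims with HMAC-SHA256 and print the resulting compact token.
encoded = jwt.encode({"some": "payload"}, key, algorithm="HS256")
print(encoded)

# Pin the accepted algorithms as a list. PyJWT checks the token's "alg" with
# `alg in algorithms`, so a bare string turns the allow-list check into a
# substring test instead of an exact match.
decoded = jwt.decode(encoded, key, algorithms=["HS256"])
print(decoded)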
不验证签名获取内容(仅用于调试或查看令牌内容,未验证的内容不能作为认证或授权的依据)
# Read the claims WITHOUT checking the signature. Nothing returned here is
# authenticated: the values may have been written by anyone, and with
# signature verification off PyJWT also skips the exp/nbf/iat/aud/iss checks
# unless they are re-enabled explicitly. Use this only for inspection or
# debugging; authorization decisions need jwt.decode() with the key and an
# explicit algorithms list.
unverified_claims = jwt.decode(encoded, options={"verify_signature": False})
print(unverified_claims)
添加自定义标头
import jwt
key = "secret"  # demo-only key; real keys come from configuration, not source

# Extra JOSE header fields are passed through the `headers` argument.
extra_headers = {"kid": "123456789"}
encoded = jwt.encode(
    {"some": "payload"},
    key,
    algorithm="HS256",
    headers=extra_headers,
)
print(encoded)

# Read the header without verifying the token. The header is not
# authenticated at this point, so a value such as "kid" is untrusted input:
# use it only to look up a key in a fixed set of known keys, then verify the
# token with that key and a pinned algorithms list.
headers = jwt.get_unverified_header(encoded)
print(headers)
已注册的声明名称
- “exp” (Expiration Time) Claim:用于指定JWT的过期时间,以Unix时间戳表示。
- 在PyJWT中,exp 的值可以是Unix时间戳,也可以是带UTC时区的datetime对象
- “nbf” (Not Before Time) Claim:用于指定JWT的生效时间,在此之前令牌无效,以Unix时间戳表示。
- “iss” (Issuer) Claim:用于指定JWT的发行人,通常是一个URL或者字符串。
- “aud” (Audience) Claim:用于指定JWT的接收者,可以是一个字符串或者一个字符串数组。
- “iat” (Issued At) Claim:用于指定JWT的发行时间,以Unix时间戳表示。
设置过期时间
exp: Expiration Time Claim(过期时间声明)
from datetime import datetime, timedelta, timezone
from time import sleep
import jwt
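key = "secret"  # demo-only key; real keys come from configuration, not source

# "exp" accepts a numeric Unix timestamp (e.g. {"exp": 1715929715.085579})
# or a timezone-aware UTC datetime, as used here.
expires_at = datetime.now(tz=timezone.utc) + timedelta(seconds=2)
encoded = jwt.encode({"payload": "payload", "exp": expires_at}, key, algorithm="HS256")

# Still inside the 2-second lifetime: decoding succeeds.
decoded = jwt.decode(encoded, key, algorithms=["HS256"])
print(decoded)

sleep(3)

# The token has expired by now. decode() checks "exp" by default and raises
# ExpiredSignatureError; handle it as an authentication failure rather than
# letting it escape as an unhandled exception.
try:
    decoded = jwt.decode(encoded, key, algorithms=["HS256"])
except jwt.ExpiredSignatureError:
    print("The token has expired (exp)")
else:
    print(decoded)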
设置10秒的余地
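from datetime import timedelta

# `leeway` tolerates clock skew between issuer and verifier when time-based
# claims such as exp and nbf are checked. It also lengthens the window in
# which an expired token is still accepted, so keep it to a few seconds.
jwt.decode(jwt_payload, "secret", leeway=10, algorithms=["HS256"])

# Equivalent call with a timedelta. The name is imported directly because the
# other examples on this page use `from datetime import datetime, ...`, under
# which `datetime.timedelta` would raise AttributeError.
jwt.decode(
    jwt_payload, "secret", leeway=timedelta(seconds=10), algorithms=["HS256"]
)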
设置生效时间
from datetime import datetime, timedelta, timezone
from time import sleep
import jwt
from jwt import ImmatureSignatureError
key = "secret"  # demo-only key; real keys come from configuration, not source

# "nbf" (not before) accepts a numeric Unix timestamp
# (e.g. {"nbf": 1715929715.085579}) or a timezone-aware UTC datetime.
not_before = datetime.now(tz=timezone.utc) + timedelta(seconds=2)
claims = {"payload": "payload", "nbf": not_before}
encoded = jwt.encode(claims, key, algorithm="HS256")

# The token only becomes valid 2 seconds from now, so this first attempt is
# rejected with ImmatureSignatureError.
try:
    decoded = jwt.decode(encoded, key, algorithms=["HS256"])
except ImmatureSignatureError:
    print("The token is not yet valid (nbf)")

# Wait until the nbf time has passed, then decode again.
sleep(3)
decoded = jwt.decode(encoded, key, algorithms=["HS256"])
print(decoded)
设置发行人
import jwt
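key = "secret"  # demo-only key; real keys come from configuration, not source

# Put the issuer into the "iss" claim and sign with an explicit algorithm.
payload = {"some": "payload", "iss": "urn:foo"}
token = jwt.encode(payload, key, algorithm="HS256")

# "iss" is only compared when `issuer=` is passed to decode(); without it
# a token from any issuer that holds the key is accepted.
decoded = jwt.decode(token, key, issuer="urn:foo", algorithms=["HS256"])
print(decoded)

# The comparison is an exact match, so "urn" does not match "urn:foo" and
# decode() raises InvalidIssuerError. Handle it as a rejected token.
try:
    decoded = jwt.decode(token, key, issuer="urn", algorithms=["HS256"])
except jwt.InvalidIssuerError:
    print("Invalid issuer (iss)")
else:
    print(decoded)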
设置接收者
import jwt
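key = "secret"  # demo-only key; real keys come from configuration, not source

# When a token carries "aud", decode() must be given `audience=`; otherwise
# PyJWT rejects the token with InvalidAudienceError. Each service should pass
# its own identifier so that tokens minted for another service are refused.

# Token addressed to several audiences, verifier expects one of them.
payload = {"some": "payload", "aud": ["urn:foo", "urn:bar"]}
token = jwt.encode(payload, key, algorithm="HS256")
decoded = jwt.decode(token, key, audience="urn:foo", algorithms=["HS256"])
print(decoded)

# Token addressed to a single audience.
payload = {"some": "payload", "aud": "urn:foo"}
token = jwt.encode(payload, key, algorithm="HS256")
decoded = jwt.decode(token, key, audience="urn:foo", algorithms=["HS256"])
print(decoded)

# Verifier accepts several audiences; the token passes if its "aud" matches
# at least one of them.
payload = {"some": "payload", "aud": "urn:foo"}
token = jwt.encode(payload, key, algorithm="HS256")
decoded = jwt.decode(
    token, key, audience=["urn:foo", "urn:bar"], algorithms=["HS256"]
)
print(decoded)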
设置发行时间
from datetime import datetime, timezone
import jwt
key = "secret"  # demo-only key; real keys come from configuration, not source

# "iat" (issued at) can be a numeric Unix timestamp ...
issued_at_fixed = {"iat": 1371720939}
encoded = jwt.encode(issued_at_fixed, "secret")

# ... or a timezone-aware UTC datetime.
issued_at_now = {"iat": datetime.now(tz=timezone.utc)}
encoded1 = jwt.encode(issued_at_now, "secret")

# "iat" records when the token was issued and does not limit its lifetime;
# add "exp" for that. NOTE(review): PyJWT 2.8.0 appears to reject an "iat"
# that lies in the future - confirm against the installed version.
decoded = jwt.decode(encoded, key, algorithms=["HS256"])
decoded1 = jwt.decode(encoded1, key, algorithms=["HS256"])

print(decoded)
print(decoded1)
设置声明为必要条件
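# "require" makes decode() raise MissingRequiredClaimError when a listed claim
# is absent. It only checks presence; the values are still validated by the
# usual exp/iss/aud checks. The key and the algorithms list must be passed as
# well: signature verification is on by default, and decode() raises
# DecodeError when `algorithms` is missing.
jwt.decode(
    encoded,
    "secret",
    algorithms=["HS256"],
    options={"require": ["exp", "iss", "sub"]},
)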