Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Python JWT Signature Validator - Asymetric Keys - From exponent and modulus
Version | Release notes |
---|---|
1.0.0 | MAJOR Release. Added support for Google, Microsoft and Auth0. |
0.5.0 | MAJOR Release. Production stable. Added cache control. |
0.4.0-beta | Security fix. Certificate Chain is mandatory for Okta Custom URL Domain. |
0.3.0-beta | Minor release. Added support for Okta Custom URL Domain. |
0.2.0-beta | Minor release. Added support for AWS Cognito JWT. |
0.1.0-beta | Minor release. Increased configurability. |
0.0.1-beta | First package release. |
This library is provded as is. None of the listed IdPs will provide support for issues related with the present library. I am the sole maintainer of it.
Once the class is instantiated the following checks are performed:
After the above checks are done, it will verify the token signature with the apropriate signing algorithm based on the "alg" header claim. If the signature is valid, it will return None. Else, it will raise a exception.
pip install py-jwt-validator
from py_jwt_validator import PyJwtValidator, PyJwtException
jwt = access_token / id_token
try:
PyJwtValidator(jwt)
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
from py_jwt_validator import PyJwtValidator, PyJwtException
jwt = access_token / id_token
validator = PyJwtValidator(jwt, auto_verify=False)
try:
payload = validator.verify(True)
print(payload)
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
Custom Claim Validation:
from py_jwt_validator import PyJwtValidator, PyJwtException
jwt = access_token / id_token
validator = PyJwtValidator(jwt, auto_verify=False, custom_claim_name="custom_claim_value")
try:
payload = validator.verify(True)
print(payload)
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
Cache Control:
from redis import StrictRedis
from py_jwt_validator import PyJwtValidator, PyJwtException
redis = StrictRedis(host="localhost", port=6390)
jwt = access_token / id_token
validator = PyJwtValidator(jwt, auto_verify=False, cache_store="redis", cache_store_connection=redis)
try:
payload = validator.verify(True)
print(payload)
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
from pymongo import MongoClient
from py_jwt_validator import PyJwtValidator, PyJwtException
mongo = MongoClient("localhost", 27017)
jwt = access_token / id_token
validator = PyJwtValidator(jwt, auto_verify=False, cache_store="mongo", cache_store_connection=mongo)
try:
payload = validator.verify(True)
print(payload)
except PyJwtException as e:
print(f"Exception caught. Error: {e}")
Attribute | Required | Default value |
---|---|---|
jwt | Yes | None |
cid - OIDC Client ID | No | None |
aud - Audience | No | None |
iss - Issuer | No | None |
auto_verify | No | True |
check_expiry | No | True |
cache_enabled | No | True |
cache_lifetime | No | 1 day |
cache_store | No | sqlite |
cache_store_connection | No | None |
Attribute | Required | Default value |
---|---|---|
get_payload | No | False |
The reason why this class returns None or exception is to provide more flexibility. Not everyone needs to return the decoded payload of the jwt. It is recommended to use it within try: except blocks.
This library relies on the requests and requests_cache libraries. The caching control mechanism was implemented around these libraries.
When using redis or mongo as caching database solutions, the appropriate python connector libraries will be required (pymongo / redis). For additional information in regards of how requests_cache works, please review their docs: https://requests-cache.readthedocs.io/en/latest/
Please feel free to email me at adrian.lazar95@outlook.com or lzr.adrian95@gmail.com. I am opened to improvement / suggestions and critics.
FAQs
Python JWT Signature Validator - Asymetric Keys - From exponent and modulus
We found that py-jwt-validator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.