PyJWT 패키지 이용해서 JWT 토큰을 생성하고 검증및 파싱하는 예제.
pip install pyjwt
pip install cryptography # RSA, ESCDA 를 위해 필요
서명 알고리즘은 ES256 을 사용.
import jwt
#private_key = open('es256-private-key.txt').read()
private_key = """-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDiQhSHFsb3puIYG4lfJsCRgb1RlA0t2U41X+ph0YvAUw==
-----END PRIVATE KEY-----"""
print(private_key)
# token = jwt.encode({"some": "payload"}, private_key, algorithm="ES256")
token = jwt.encode({
"iss": "issuer",
"sub": "subject",
"iat": 1620289470,
"exp": 1620375903
}, private_key, algorithm="ES256")
print(token)
# public_key = """-----BEGIN PUBLIC KEY-----
# MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETYvVFPg0qhcDkzYGOa5xCrZiZ9uoJUltWjSWlW5tw85vHkqDIA+45fJ8YN5bSVmUE9ahW/IA5DKUyYS87W/JKQ==
# -----END PUBLIC KEY-----"""
encoding_public_key = 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETYvVFPg0qhcDkzYGOa5xCrZiZ9uoJUltWjSWlW5tw85vHkqDIA+45fJ8YN5bSVmUE9ahW/IA5DKUyYS87W/JKQ=='
public_key = '-----BEGIN PUBLIC KEY-----\n' + encoding_public_key + '\n' + '-----END PUBLIC KEY-----'
try:
decoded = jwt.decode(token, public_key, algorithms="ES256")
print(decoded)
except jwt.exceptions.ExpiredSignatureError as e:
print('Exception:', e)
jwt.encode(), jwt.decode() 둘다 key 값을 PEM 형식으로 된 값들을 읽고 있다.
이상하게도 키값이 저장된 파일을 읽어서 파라미터로 전달하는 방식으로 할때는 에러가 나서 PEM(-----BEGIN ~ ------END) 형식으로 바꾸기 위해 키값 위아래로 PEM 시작/종료 문자열을 추가했더니 정상동작한다.
참고 :
JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
jwt.io
pyjwt.readthedocs.io/en/stable/index.html
Welcome to PyJWT — PyJWT 2.1.0 documentation
© Copyright 2015, José Padilla Revision 79c23d7d.
pyjwt.readthedocs.io
blog.miguelgrinberg.com/post/json-web-tokens-with-public-key-signatures
JSON Web Tokens with Public Key Signatures
JSON Web Tokens offer a simple and powerful way to generate tokens for APIs. These tokens carry a payload that is cryptographically signed. While the payload itself is not encrypted, the signature…
blog.miguelgrinberg.com