Use of jwt
jwt official website: https://jwt.io/
1.header
{‘alg’:‘HS256’, ‘typ’:‘JWT’}
2.payload
{ 'exp':xxx, # Expiration Time The timestamp of the expiration time of this token'iss':xxx, # (Issuer) Claim indicates the issuer of this token'aud':xxx, #(Audience) Claim indicates the token's 'iat':xxx, # (Issued At) Claim indicates the timestamp of the creation time'aud':xxx, # (Audience) Claim indicates that this token is issued for the group }
3.sign
HS256 (custom key, header after base64 +'.' + payload after base64)
jwt format
base64(header) + ‘.’ + base64(payload) + ‘.’ + base64(sign)
Code
import base64
import copy
import hmac
import json
import time
class Jwt(object):
def __init__(self):
pass
@staticmethod
def b64encode(content):
# 去掉多余的 =号
return base64.urlsafe_b64encode(content).replace(b'=', b'')
@staticmethod
def b64decode(b):
# 把去掉的=号加回来
sem = len(b) % 4
if sem > 0:
b += b'=' * (4 - sem)
return base64.urlsafe_b64decode(b)
# 编码
@staticmethod
def encode(payload, key, exp=300):
# 初始化头 init header
header = {
'typ': 'JWT', 'alg': 'HS256'}
header_json = json.dumps(header,
separators=(',', ':'), # 紧凑字符串
sort_keys=True) # 有序性
header_bs = Jwt.b64encode(header_json.encode())
# 初始化数据 init payload
payload_self = copy.deepcopy(payload)
if not isinstance(exp, int) and not isinstance(exp, str):
raise TypeError('Exp must be int or str !')
exp_time = time.time() + int(exp)
print(exp_time)
payload_self['exp'] = exp_time
payload_js = json.dumps(payload_self,
separators=(',', ':'), # 紧凑字符串
sort_keys=True)
print(payload_js)
# json => base64
payload_bs = Jwt.b64encode(payload_js.encode())
# 初始化签名 init sign
if isinstance(key, str):
key = key.encode()
# 计算签名
hm = hmac.new(key, header_bs + b'.' + payload_bs, digestmod='SHA256')
# json => base64
sign_bs = Jwt.b64encode(hm.digest())
# 组合token
return header_bs + b'.' + payload_bs + b'.' + sign_bs
@staticmethod
def decode(token, key):
header_bs, payload_bs, sign_bs = token.split(b'.')
# 校验签名
if isinstance(key, str):
key = key.encode()
hm = hmac.new(key, header_bs + b'.' + payload_bs, digestmod='SHA256')
print(sign_bs)
print(Jwt.b64encode(hm.digest()))
if Jwt.b64encode(hm.digest()) != sign_bs:
print('签名校验失败!')
raise
# 检查 exp是否过期
payload_js = Jwt.b64decode(payload_bs)
payload = json.loads(payload_js)
if 'exp' in payload:
now = time.time()
if now > payload['exp']:
print('exp 校验失败')
raise
# return payload部分的解码
return payload
if __name__ == '__main__':
token = Jwt.encode({
"username": "hzx"}, '12345', 300)
print('生成token')
print(token)
print('校验结果')
print(Jwt.decode(token, '12345'))
pyjwt
installation
pip install jwt
Use code
import time
import jwt
payload = {
'username': 'hzx',
'exp': time.time() + 2, # 超时时间
'iss': 'wo'} # 发布者
token = jwt.encode(payload,
'123456', # key
algorithm='HS256') # 加密算法
print(token, type(token))
a = jwt.decode(token, # 令牌
'123456', # key
algorithms='HS256', # 加密算法
issuer='wo') # 校验发布者
print(a)
time.sleep(3)
# token过期 raise ExpiredSignatureError("Signature has expired")
# a = jwt.decode(token, '123456', algorithms='HS256')
# print(a)
Output result
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6Imh6eCIsImV4cCI6MTYxNDE1ODQyMC4zMTE2Mjk1LCJpc3MiOiJ3byJ9.9xm5N5w12c52DmXqw35WCZoBmzU8oyj8Pcx56XKhFiI
<class 'str'>
{'username': 'hzx', 'exp': 1614158420.3116295, 'iss': 'wo'}