How to Create JSON Web Tokens (JWTs) in Python

Captions
JSON Web Tokens, or JWTs for short, are all over the web. Wait, JWT or "jot"? Well, you'll decide. In this video you'll learn what JSON Web Tokens are and how to create JWTs in Python using the most popular JWT library, PyJWT. Let's get started.

I'm going to go over a brief introduction on what JWTs are, so if you're already familiar you can skip ahead to the coding. JSON Web Tokens are a very compact way to carry information, and they are defined as a three-part structure consisting of a header, a payload and a signature. The header and the payload both carry what we call claims. In the header we find claims about the token itself, like what algorithm was used for signing that token, while the payload, or the body, carries information about a given asset. In a login scenario this would be information about a user. Claims follow the standard key-value pairing, and most of the claims commonly used in JWTs have a standardized naming defined in RFC 7519.

Finally, the signature: this is the part that helps you make sure that a given token wasn't tampered with, because signing JWTs requires either a secret or a public/private key pair agreed on previously. The signature itself is based off the header and the payload, in combination with the secret or private/public key pair, depending on what algorithm was used. If you want to know more about JWTs you can read the JWT Handbook linked in the description below. But enough about the theoretical part, let's see some code.

First I'm going to create a Python environment in my working folder. The way I like to do this is using python3 -m venv, and keep in mind that I'm using Python version 3.8 here. Once that gets created I can activate my env. Now note that the command for activating your environment may vary, especially according to your operating system, and you can find a link in the description that lists all the ways you can activate an environment, so you can find a way that works best for your OS in there.

Okay, cool. Now I need to update my pip version, and now I need to install PyJWT with the cryptography dependency. I'm doing this because we will need the cryptography library if you want to use asymmetrical algorithms in the future. I'm also going to install IPython, which is an alternative Python console, because personally I like it better than the standard Python console. It has code completion and it's overall nicer to the eyes, but feel free to choose whichever interface or console you may prefer to follow along.

Now I have everything I need, so I'm going to open my console here by calling ipython. I'm going to clean my screen, and what I want to do is import the jwt object from the PyJWT library. The next step is to prepare some data so I can pass it in the body of my JWT, so let's create a dictionary to hold some user data. The data has three claims: sub, which is the user identifier, or subject of this token; name, which is the user's full name; and nickname, which is the user's, well, nickname. Keep in mind that I'm using some dummy data which tells you who my user is in this example.

And now the work's pretty much done. You can call the encode method from the jwt package, pass the dictionary I just created, and let that method do its magic for us. By this I mean that the encode method takes care of creating a standard header for my token.

I'd like to point out three things. First is that the key param actually works for either a key or a secret. In this case I'm using a secret because the default algorithm only requires a secret. Which brings me to my second point: in real life you'd have an actual secret being used instead of this dummy string that I got here. And third is that if you are using an asymmetric algorithm for signing, like RS256, you need to use the private key for signing your tokens. Don't worry, I'm going to show you how to do that in just a bit.

Now if I print out this token by calling it, you see this huge string over here, and you can copy this string and use it wherever you want. In this case I'm going to copy it and paste it on jwt.io. jwt.io is a pretty useful tool because you can use it anywhere as long as you have an internet connection, so you can actually verify the signature of a token in your web browser. Here I already got an example token, but let's paste the token I just created. If I scroll down here and paste my token, you'll see that my token signature is invalid, but that's because I need to fix the secret in this little field here. If I copy my secret and paste that here, you can see that the token gets "Signature Verified". Yay!

You can also see here the header of my token. In this section I got a header with two claims that PyJWT actually added for us. The first one is typ, which is used to say which type of token this is, and the second one is alg, which says which algorithm was used for signing the JWT. In the payload you can see the data that we created. One thing that you might not know is that jwt.io can be used to actually generate a token, so if you change any of the values, either in the header or in the payload, you see that my token actually changes. And that's it: you just generated and verified a token in a few easy steps.

Now before you go, I want to show you an example of how to create a token using an asymmetrical algorithm. In this case I'm going to use RS256. This time is where the cryptography package comes into play. Because RS256 uses private and public keys, we need to load the private key for signing the token, and to do this I need to import the serialization module from the cryptography package. So let's go back to my console, let me clean this up a little bit, and let's import my serialization module.

I already got my public/private key pair inside my .ssh folder in my local directory here, and you can see that if I list the contents of my .ssh folder. Because this key pair was created using the ssh-keygen tool, I need to use an SSH method to load it. So first things first, I need to read this private key file and save it into a variable. The way I do this is using the open method and the read method, and this will store my private key into the private_key variable as a string. Then I need to pass this string as a bytes object to the load_ssh_private_key method from the serialization module, so I'm going to do this by creating a new key and encoding the private_key variable. Oh, it's missing encode, let me add that. Okay, no more error.

Now keep in mind that for this example this key doesn't have a password or a passphrase, but remember that securing keys is very important, so always generate your keys with passphrases. And the heavy lifting is mostly done. You can now call the encode method once again, pass the key, choose the RS256 algorithm, and finally generate your token again. I'm going to store that in a new variable, and if I print out this new token by calling it, you are done. Now I can copy and paste this into jwt.io once again just to check it, and you can see here that I now have a different header even though the content of the payload is the same.

Now you know all about JWTs and how to create them in Python. If you have any questions and want to see more videos like this here in the channel, leave a comment below. Also remember to subscribe to the channel and check out the links section in the description of the video to find more information on JWTs. Thanks for watching and I'll see you soon.
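Added example (not code from the video or from PyJWT): the three-part structure and the tamper check described in the captions, built with only the Python standard library for the HS256 case. The secret, the claim values and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values; a real secret is random and never hard-coded.
SECRET = b"constructed-demo-secret"
CLAIMS = {"sub": "1234", "name": "Example User", "nickname": "example"}

def b64url(data: bytes) -> str:
    # Each JWT part is URL-safe base64 with the "=" padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def to_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def sign_hs256(claims: dict, secret: bytes) -> str:
    head, body = to_part({"alg": "HS256", "typ": "JWT"}), to_part(claims)
    # The signature covers "<header>.<payload>" exactly as transmitted.
    mac = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256)
    return f"{head}.{body}.{b64url(mac.digest())}"

def verify_hs256(token: str, secret: bytes) -> dict:
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the header is untrusted input until verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    mac = hmac.new(secret, f"{head}.{body}".encode("ascii"), hashlib.sha256)
    if not hmac.compare_digest(given, mac.digest()):  # constant-time compare
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body))

def swap_payload(token: str, claims: dict) -> str:
    # Re-encode different claims but keep the old signature (tamper test).
    head, _, sig = token.split(".")
    return f"{head}.{to_part(claims)}.{sig}"

if __name__ == "__main__":
    token = sign_hs256(CLAIMS, SECRET)
    print(token)
    print(verify_hs256(token, SECRET))
```

Checking a token locally like this keeps real tokens and secrets out of a web page.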
Info
Channel: OktaDev
Views: 10,967
Keywords: python, jwt, pyjwt, JWT in Python, JSON Web Token in Python, rs256, hs256, how to create JWT in Python, how to encode JWT in Python, how to verify JWT in Python, how to decode JWT in Python, how to sign jwt with rs256 in python, how to create jwt with rs256 in python, jwt tutorial, python tutorial, web development, identity, security, access tokens, python tutorial, python 3, json web tokens, json web tokens tutorial, okta, okta dev, jess temporal, how to make a jwt, what is jwt
Id: vYrlAyx98Yk
Length: 12min 15sec (735 seconds)
Published: Wed Jan 25 2023