Link to repository : https://github.com/fossasia/badgeyay
JWT, or JSON Web Token, is a compact, URL-safe means of representing claims between two parties. The claims are encoded as the payload of the JWT, which is then signed using a SECRET_KEY.
The most interesting usage of JWT is in the field of Web Development.
I have been developing Web Applications for quite a long time now. Recently I was supposed to build an API for an Open Source Project which required me to handle User sessions. The stack I am using is:
gabru-md ~ $ pip install pyjwt
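Implementing or using JSON Web Tokens is very easy. All we need to understand is how they work.
A JWT consists of a payload which is signed using a SECRET_KEY. The signature lets the receiver detect tampering, but the payload itself is only base64url-encoded, not encrypted, so anyone holding the token can read it. A JWT has two main functions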
gabru-md ~ $ python
Import the jwt library into the python shell
import jwt
import datetime
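# `user` is assumed to be the application's user object
payload = {
"user": user.username,
# "exp" is the expiry claim: 900 seconds from now
"exp": datetime.datetime.utcnow() + datetime.timedelta(seconds=900)
}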
We need a SECRET_KEY for our JWT. To create one, just follow the steps below.
from flask import Flask
app = Flask(__name__)
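# placeholder value; a deployed app should load a randomly generated key from its configuration
app.config['SECRET_KEY'] = 'somesuperrandomsecretkeynoonecancrack'
Encode the payload with the SECRET_KEY
token = jwt.encode(payload, app.config.get('SECRET_KEY'))
# PyJWT 2.0+ returns a str; older releases return bytes
print(token if isinstance(token, str) else token.decode('UTF-8'))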
Output will be something like:
u'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibWFuaXNoIn0.JX4_nxeJAY8lOSrTiyzU43eKt-qEWXtNhkPwfLWanUY'
Congratulations! Now you have your very own JSON Web Token for your user, which will expire in exactly 900 seconds, or 15 minutes :)
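What the token above contains and how a receiver checks it, as an added example that is not part of the original post or the badgeyay code: a standard-library re-implementation of HS256 signing and verification, not PyJWT's own code. The function names, the demo key and the `alice` payload are constructed for illustration; in an application, PyJWT's `jwt.decode(token, key, algorithms=["HS256"])` performs these checks.

```python
import base64, hashlib, hmac, json, secrets, time

# Sample token copied from the output shown in the post.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJ1c2VyIjoibWFuaXNoIn0.JX4_nxeJAY8lOSrTiyzU43eKt-qEWXtNhkPwfLWanUY")

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(payload, key):
    """Lay out header.payload.signature as an HS256 JWT does (hypothetical helper)."""
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(_mac(key, signing_input))

def read_unverified(token):
    """No key needed: the payload is base64url-encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token, key, now=None):
    """Return the claims only if alg, signature and exp all check out."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        sig_bytes = b64url_decode(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")    # pin the algorithm, ignore the header's choice
    if not hmac.compare_digest(sig_bytes, _mac(key, head + "." + body)):
        raise ValueError("bad signature")     # constant-time comparison
    claims = json.loads(b64url_decode(body))  # parsed only after the signature checks out
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed demo key from the OS CSPRNG
    token = sign_hs256({"user": "alice", "exp": int(time.time()) + 900}, key)
    print(verify_hs256(token, key))
    print(read_unverified(PAGE_TOKEN))        # {'user': 'manish'}, read without any key
```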
I hope to write another blog on Authentication using JWT very soon. Please let me know if you like this post.
Thank you for reading :)
My Github : github@gabru-md
Link to my PR : here