Welcome to Requests-JWT’s documentation!¶
JWTAuth(secret, alg=u'HS256', header_format=u'JWT token="%s"')¶
An Authorization/Authentication system for
requests, implementing JSON Web Tokens.
The basic usage is this:
auth = JWTAuth(secret) # Maybe add more fields to the payload (see below) resp = requests.get('http://example.com/', auth=auth)
You can add fields to the signed payload using the
This is a ‘Custom Authentication’ mechanism for Kenneth Reitz’s Requests library; see the example in the docs for some context.
For more on JSON Web Tokens, see the standard.
See the documentation of
PyJWTfor the list of available algorithms.
Add a field to the JWT payload.
- name: The name of the field. Should be a string.
- generator: a value or generator, the value of the field.
If generator is callable, then each time a request is made with this JWTAuth, the generator will be called with one argument: a PreparedRequest object. See this page for a list of the available properties:
For instance, here is field that will have your JWT sign the path that it is requesting:
auth.add_field('path', lambda req: req.path_url)
If generator is not callable, it will be included directly in the JWT payload. It could be a string or a JSON-serializable object.
This module provides several payload fields ready to go:
expire()is also a wrapper around
Adds the standard ‘exp’ field, used to prevent replay attacks.
Adds the ‘exp’ field to the payload. When a request is made, the field says that it should expire at now + secs seconds.
Of course, this provides no protection unless the server reads and interprets this field.
Modify the contents of the
Authorization:header. This must be a format string with one
A generator that will include the request method in the JWT payload.
>>> auth = JWTAuth('secret') >>> auth.add_field('method', payload_method)
A generator that will include the request’s path (‘/blah/index.html’) in the JWT payload.
>>> auth = JWTAuth('secret') >>> auth.add_field('path', payload_path)
A generator that will include the sha256 signature of the request’s body in the JWT payload. This is only done if the request could have a body: if the method is POST or PUT.
>>> auth = JWTAuth('secret') >>> auth.add_field('body', payload_body)