Assignment: Working With JWT in Python
1. Objective
By the end of this assignment, you should be able to:
- Understand what JWTs are and why they are used
- Create and verify JWTs in Python
- Implement JWT-based authentication in a simple API
- Handle expiration and errors securely
2. Background Theory (Short Summary)
A JSON Web Token (JWT) is a compact, URL-safe token used for authentication and authorization. A JWT has three parts:
header.payload.signature
- Header – declares the algorithm (e.g., HS256) and token type
- Payload – contains claims (user data, expiry time, etc.)
- Signature – verifies the token was not tampered with
Common Python libraries for JWT include:
pyjwt(most common)python-joseauthlib
3. Tasks
Task 1: Install Dependencies
Install PyJWT:
pip install PyJWT
Task 2: Create a Simple JWT
Write a Python script that:
-
Imports the PyJWT library
-
Creates a payload with:
- username
- issued time (
iat) - expiration time (
exp)
-
Signs the token using a secret key
-
Prints the token
Example structure:
import jwt
import datetime
secret = "mysecret123"
payload = {
"username": "alice",
"iat": datetime.datetime.utcnow(),
"exp": ???
}
token = jwt.encode(payload, secret, algorithm="HS256")
print(token)
Your job: calculate expiration to be 1 minute in the future.
Task 3: Decode and Verify JWT
Create another script or function that:
- Accepts a JWT token
- Verifies the signature
- Checks the expiration
- Prints the decoded payload
Example:
decoded = jwt.decode(token, secret, algorithms=["HS256"])
Your job: handle exceptions (ExpiredSignatureError, InvalidTokenError) and print custom messages.