# What is a JWT?

## Authentication/Authorization

![HTTP Flow](./images/HTTPFlow.jpeg)

## Example

In [1]:
# Sample token in compact form: three base64url segments joined by '.'.
# A JWT is a bearer credential (whoever holds it can present it), so a notebook
# should only ever contain throwaway demo tokens like this one.
my_jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJoYXJyeSBwb3R0ZXIiLCJpYXQiOjE3MzU2NTg0NzksImV4cCI6MTczNTY2NTY3OSwibmJmIjoxNzM1NjU4NDc0LCJhdWQiOiJhY2Npby1jb29raWVzLXdlYnNpdGUifQ.utbLXqZ28xUvvCjbUEmCwv6xbuUQ8yyzW-2a9mWdkng'

In [None]:
# Splitting on '.' yields the three segments in order: header, payload, signature.
my_jwt.split('.')

A JWT has 3 parts, separated by `.`:
- header
- payload
- signature

In [10]:
import base64
import json
from datetime import datetime, timezone, timedelta

In [None]:
payload_encoded = 'eyJzdWIiOiJoYXJyeSBwb3R0ZXIiLCJpYXQiOjE3MzU2NTg0NzksImV4cCI6MTczNTY2NTY3OSwibmJmIjoxNzM1NjU4NDc0LCJhdWQiOiJhY2Npby1jb29raWVzLXdlYnNpdGUifQ'

def base64_urldecode(input_str: str):
    """Decode one base64url-encoded JWT segment and parse it as JSON.

    Decoding is not verification: nothing here checks the token's signature,
    so the returned claims must be treated as untrusted, caller-supplied data.
    Use this for inspection only, never for an authorization decision.

    Args:
        input_str: A header or payload segment, with or without '=' padding.

    Returns:
        The parsed JSON value (a dict for a JWT header or payload).

    Raises:
        binascii.Error, UnicodeDecodeError or json.JSONDecodeError when the
        segment is not valid base64 / UTF-8 / JSON respectively.
    """
    raw = input_str.encode('utf-8')

    # JWT segments are written without trailing '='; the decoder wants the
    # length to be a multiple of four, so restore whatever padding is missing.
    missing = len(raw) % 4
    padded = raw + b"=" * (4 - missing) if missing > 0 else raw

    decoded_text = base64.urlsafe_b64decode(padded).decode('utf-8')
    return json.loads(decoded_text)

base64_urldecode(payload_encoded)

In [None]:
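# The iat / exp / nbf claims are "seconds since the Unix epoch", counted in UTC.
# Passing tz=timezone.utc makes the printed times timezone-aware and identical
# on every machine. Without it, fromtimestamp() renders them in the kernel's
# local zone, so a reader could misjudge when the token is actually valid.
claim_times = {
    'iat': datetime.fromtimestamp(1735658479, tz=timezone.utc),  # issued at
    'exp': datetime.fromtimestamp(1735665679, tz=timezone.utc),  # expires
    'nbf': datetime.fromtimestamp(1735658474, tz=timezone.utc),  # not valid before
}

for claim, moment in claim_times.items():
    print(f'{claim}: ', moment)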

In [None]:
# First segment of my_jwt: the header, which names the signing algorithm ('alg')
# and the token type ('typ'). Like the payload it is only encoded, so anyone can
# read or rewrite it. A verifier should decide which algorithms it accepts
# itself instead of trusting the 'alg' value an incoming token presents.
encoded_header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
base64_urldecode(encoded_header)

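The signature is computed from:
- encoded_header + '.' + payload_encoded
- hashing algorithm (the `alg` named in the header)
- secret key (only on the server)

Anyone can decode the header and payload; only the signature, which cannot be produced without the secret key, shows that they were not altered.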

## PyJWT

### Create token

In [None]:
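import secrets

import jwt

now = datetime.now(timezone.utc)
some_other_time = datetime(2024, 1, 1, tzinfo=timezone.utc)

# HS256 is symmetric: whoever knows this key can mint tokens the server will
# accept. A key written into a notebook is known to everyone who can read the
# notebook, so generate a fresh random 256-bit key per session here. A real
# service would load its key from the environment or a secrets manager.
SECRET_KEY = secrets.token_hex(32)
SIGNING_ALGORITHM = "HS256"
AUD = 'super-magical-website'

# Registered claims. PyJWT converts the datetime values of iat / nbf / exp to
# epoch seconds when encoding.
payload = {
    'sub': 'albus dumbledore',        # subject: who the token is about
    'iat': now,                       # issued at
    'nbf': now,                       # not valid before
    'exp': now + timedelta(days=2),   # expiry; shorter lifetimes limit the damage of a leaked token
    'aud': AUD                        # audience: the service this token is meant for
}

# The payload is signed, not encrypted: do not put secrets in the claims.
encoded_jwt = jwt.encode(
    payload,
    SECRET_KEY,
    algorithm=SIGNING_ALGORITHM
)
encoded_jwt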

### Validate token

In [None]:
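# jwt.decode() verifies the signature and the registered claims before it
# returns the payload, and raises a jwt.InvalidTokenError subclass on failure.
#  - algorithms=[...] pins the accepted algorithm on the verifier side, so the
#    token's own 'alg' header cannot choose how it gets checked.
#  - audience=AUD rejects tokens that were issued for a different service.
#  - "require" makes the listed claims mandatory. By default a claim such as
#    'exp' is validated only when present, so a token without it never expires.
decoded_payload = jwt.decode(
    encoded_jwt,
    SECRET_KEY,
    audience=AUD,
    algorithms=[SIGNING_ALGORITHM],
    options={"require": ["exp", "iat", "nbf", "aud", "sub"]},
)

decoded_payload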