# Playing with JWT token

## 1. Introduction to JWTs

JWT(JSON Web Tokens) are a very compact way to carry information. They are defined as a 3 part structure consisting of:
- a header,
- a payload,
- a signature.

The header and payload both have what we call **claims**, they are statements about an entity and all additional data that needs to be passed in the request:

- In the header, we find claims about the token itself, like what algorithm was used for signing that token;
- While the payload (or the body) carries information about a given asset. In a login scenario, this would be information about the user.

The final part is the **signature**, and it helps you ensure that a given token wasn't tampered with because signing JWTs requires either a secret or a public/private key pair agreed on previously. The signature itself is based on the header and payload, in combination with a secret, or private/public key pair, depending on the algorithm.

Claims follow the standard key-value pairing that you see in dictionaries and JSON objects, and most of the claims commonly used in **JWTs have a standardized naming defined in the JWT specification (RFC7519)**. In the RFC7519, you'll also find the description of what each claim means.

## 2. An JWT token example

As we mentioned, JWTs consist of three parts separated by dots (.), which are:

- Header
- Payload
- Signature

- Therefore, a JWT typically looks like the following.

header-data.payload-data.signature

### 2.1 Header

The header typically consists of two parts:

- type of the token, which is JWT,
- hashing algorithm such as HMAC SHA256 or RSA.

For example:

```json
{
  "alg": "HS256",
  "typ": "JWT"
}
```

Then, **this JSON is Base64Url encoded to form the first part of the JWT.**

### 2.2 Payload

The second part of the token is the payload, which contains the claims. **Claims are statements about an entity (typically, the user) and additional metadata**. There are three types of claims:
- reserved: These are a set of predefined claims, which are not mandatory but recommended, thought to provide a set of useful, interoperable claims. Some of them are: iss (issuer), exp (expiration time), sub (subject), aud (audience), among others.
- public: These can be defined at will by those using JWTs. But to avoid collisions they should be defined in the IANA JSON Web Token Registry or be defined as a URI that contains a collision resistant namespace.
- private: These are the custom claims created to share information between parties that agree on using them.


**Notice that the claim names are only three characters long as JWT is meant to be compact.**

An example of payload could be:
```json
{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true
}
```

**The payload is then Base64Url encoded to form the second part of the JWT.**


### 2.3 Signature

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way.

```text
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

```

The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message was’t changed in the way.


### 2.4 Putting all together

The output is three Base64 strings separated by dots that can be easily passed in HTML and HTTP environments, while being more compact compared to XML-based standards such as SAML.

The following shows a JWT that has the previous header and payload encoded and it is signed with a secret.

```text
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.dyt0CoTl4WoVjAHI9Q_CwSKhl6d_9rhM3NrXuJttkao
```

You can browse to [jwt.io](https://jwt.io/) where you can play with a JWT and put these concepts in practice. jwt.io allows you to decode, verify and generate JWT.

## 3. How JWTs works?

In authentication, when the user successfully logs in using their credentials, a JSON Web Token will be returned. Since tokens are credentials, great care must be taken to prevent security issues. In general, you should not keep tokens longer than required.

You also should not store sensitive session data in browser storage due to lack of security.

Whenever the user wants to access a protected route, it should send the JWT, typically in the Authorization header using the Bearer schema. Therefore the content of the header should look like the following.

Authorization: Bearer <token>

This is a stateless authentication mechanism as the user state is never saved in the server memory. The server’s protected routes will check for a valid JWT in the Authorization header, and if there is, the user will be allowed. As JWTs are self-contained, all the necessary information is there, reducing the need of going back and forward to the database.

This allows to fully rely on data APIs that are stateless and even make requests to downstream services. It doesn’t matter which domains are serving your APIs, as Cross-Origin Resource Sharing (CORS) won’t be an issue as it doesn’t use cookies.

![jwt-mechanism.png](../images/jwt-mechanism.png)


If you want to know more about jwt, I recommend the "JWT Handbook" available for [free](https://auth0.com/resources/ebooks/jwt-handbook).

## 4. Preparing your env

### 4.1 Generating an RSA key pair

To sign your tokens with an asymmetric algorithm like RS256, you'll need a public/private key pair. I'll explain more about what this is in the next section, but for now, if you'd like to follow the tutorial, you'll need to have an RSA key pair. It is possible you already got a pair you want to use but, in case you need to generate a new one, here's what I did for generating a key pair I used in this example:

```shell
mkdir -p ~/jwts-in-python/.ssh
cd ~/jwts-in-python/.ssh
ssh-keygen -t rsa
```

The above command will prompt for a location to save the generated key-pair. Enter below line:
```text
~/jwts-in-python/.ssh/id_rsa
```
Then it will ask a password for protecting the private key. You can choose empty password as well. After this, you should see two files

- id_rsa : private key
- id_rsa.pub : public key

### 4.2 Installing requirements

To play with JWT in python, you'll need to install **PyJWT with the cryptography package as a dependency**. This dependency will give you the ability to sign and verify JWTs signed with asymmetric algorithms.

```shell
poetry add pyjwt[crypto]
```

## 5. Create a JWT token

Note normally, you shouldn't create your own tokens. The service which you want to access often provide an authentication service that will provide tokens to you. Because JWTs can be read by anyone as long as they have the secret or public key, it is really important to follow industry standards to avoid complications like data and security breaches.

So we create one token only for demonstration purpose.


In [1]:
import jwt
from cryptography.hazmat.primitives import serialization
import calendar
import time

### 5.1 Step 1 Prepare token data
Before we generate a token, you'll want to create some data to pass in the JWT payload and a secret to sign the token using the **HS256** algorithm. So let's create a dictionary to hold some user data, and the secret.

My payload data have three claims:

- sub: which is the user identifier or subject of this token;
- name: which is the user's full name;
- nickname: also my user's nickname.

Keep in mind that I'm using some sample data which tells you who my user is in my example, and now the work is pretty much done!

In [2]:
payload_data = {
    "sub": "4242",
    "name": "Pengfei Liu",
    "nickname": "fatman"
}

my_secret = 'my_untold_secret'

### 5.2 Step2 : Sign a token with a hashing algorithm

By signing the token, we can make sure that the **integrity** of the claims in the token is verifiable. We're going to use an **HMAC algorithm** (or a symmetric algorithm) first.

A symmetric algorithm uses a hashing function and a secret key that both parties will use to generate and validate the signature. **We generally recommend using RS256, which is an asymmetric algorithm**.

We can call the encode method from the jwt object, pass the dictionary I just created, and let that method do its magic for us. And by this, I mean that the encode method takes care of creating the standard header, encoding everything, and signing the token with my secret

In [3]:
token = jwt.encode(
    payload=payload_data,
    key=my_secret
)

Now before I print this token, I'd like to point out three things:

1. The key parameter actually works for either a key or a secret. In this demo, I'm using a secret because the algorithm used by default on the encode method is the **HS256** which only requires a secret for signing;
2. In real life, you'll have an actual secret being used instead of this sample string;
3. If you were using an asymmetric algorithm for signing like **RS256**, you would need to use the private key for signing.

In [4]:
print(token)

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6IlBlbmdmZWkgTGl1Iiwibmlja25hbWUiOiJmYXRtYW4ifQ.vqfXSdPTZU_o8FCxy9NZfa5Iyo47qbAdJuFvcJeR-0o


You can copy the output string to [jwt.io](https://jwt.io/) to test it. You will see result in below figure

![jwt-exp1-no-secret.PNG](../images/jwt-exp1-no-secret.PNG)

You can already check all the data in payload, but it shows that your token signature is invalid. That's because you need to provide the correct secret in the secret field. Once you fix that, the token gets verified, as you can see in the picture below!

![jwt-exp1-with-secret.PNG](../images/jwt-exp1-with-secret.PNG)

You can see in the picture above that I've got a header with two claims even though I specified nothing for the header. That's a feature of PyJWT, which add default header for us:

- typ: which is used to say which type of token this is;
- alg: which we use for the saying which algorithm we are using for signing the JWT.



### 5.3 Sign a token with RS256 an asymmetric algorithm

**Asymmetric algorithms is a good way to sign tokens** because if you have a public key hosted somewhere, let's say your website, anyone could check to see whether you signed that token. Just a little recall, asymmetric algorithms like RS256 are those algorithms that use a private key for signing, and a public key for verifying the signature.

First we need to load the private key. Now, this is where the cryptography package comes into play. You'll need to import the serialization module from the package for loading an RSA key. Remember the public/private key pair that we generated by using the ssh-keygen without a password on the .ssh folder inside my working directory. Now all you have to do is load that keys:

In [7]:
pri_key_path = "/home/pliu/jwts-in-python/.ssh/id_rsa"
# read and load the key
private_key = open(pri_key_path, 'r').read()

# as our private key is not protectd by a password. so we just pass an empty byte.
key = serialization.load_ssh_private_key(private_key.encode(), password=b'')

In [8]:
# We can use the loaded private key to sign the token now
# Note we need to specify the signing algo this time.
asym_token = jwt.encode(
    payload=payload_data,
    key=key,
    algorithm='RS256'
)

In [9]:
print(asym_token)

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6IlBlbmdmZWkgTGl1Iiwibmlja25hbWUiOiJmYXRtYW4ifQ.K1Ca3HdxOXdSymZ74GRN2go3OyXtthVNQHks9D4tV0M61hKXYtL_8WLDSVMPHjkYvrAkVplBfDwtW2094ZBipKnJCsa1-iVCmL1XoOOoyaEb34L4YM6yjzLvw57csir6eP9ZfWS9cJFn-sCEJ4HJNdnZRQCM7XRf3rjyIQ0l-d5bEfURpPbw8g6pBSUDB5KuVupQ1k_IRvGEkg6vZ9cLY55yqhF3hChG-cRl79XgOOxgrV1cvVQCZQUb-5d5Oss9yOc-4ssB1xMJ4rRdq3jpTiRU1ruyHC0I_iMeLCFFQI4pK2Q29tivKPmFCWyVhTqj2NASh-uH8CxrA21LiBwdiIyq9um6ec2t0DZzCLGfMix4S32-K5cuM-G5m1fYlOsyE30LTA23O7Px4XKu0l8_7qVbeqE_-_6qABE6HkNO63W_3gCHOkUl0T0V6HlAg7jaDB3Zd2PP1B2y-MPfRtAjCHD4OeUMG0bXh-l35stSmxazeN8S3xKILXToE1_6sYak


## 6. Verify a JWT in python

### 6.1 A simple example

We have seen how to verify a token with jwt.io. Now we need to do it with pyJWT. With PyJWT, verifying a token signed with a hashing algorithm would take one simple line of code! We only need to use the decode method and pass along the token and the secret like this:

In [12]:
# note the decode method returns directly the payload.
output_payload = jwt.decode(token, key='my_untold_secret', algorithms=['HS256', ])
print(output_payload)

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman'}


Note If the verification had failed, you'd see an **InvalidSignatureError** instead of the payload data, which indicates that the Signature verification failed.

Also, this step was simple because I already know my token was generated using the HS256 algorithm, and I know the secret I need to decode it. But let's say you don't know what algorithm was used to generate this token, right? So you could go to jwt.io again and check the contents of the header to find the alg claim, or you could use PyJWT to do it.

### 6.2 Get Jwt header

You could check out the contents of the header by hand if you wanted to, like separating the string by each dot, then decoding the header portion, and so on but, pyJWT provide the get_unverified_header method, and it is pretty simple, check this out:

In [13]:
jwt.get_unverified_header(token)

{'typ': 'JWT', 'alg': 'HS256'}

So we can transform the one liner into below code, which works even-though we don't know the signing algo

In [14]:
# saving the header claims into a variable
header_data = jwt.get_unverified_header(token)
# using that variable in the decode method
jwt.decode(
    token,
    key=my_secret,
    algorithms=[header_data['alg'], ]
)

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman'}

Or even better, we can create a function

In [23]:
def verify_jwt(input_token, secret_key):
    header = jwt.get_unverified_header(input_token)
    # using that variable in the decode method
    res = jwt.decode(
        input_token,
        key=secret_key,
        algorithms=[header['alg'], ]
    )
    return res


In [24]:
print(verify_jwt(token, my_secret))

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman'}


### 6.3 Decode a token with an asymmetric algorithm

Now let's verify the signature of a token that use the asymmetric signing algorithm. This time, we will need to load the public key, and loading the public key takes the same 3 steps we did for loading the private key, only varying the method used to actually load the key and the key path, let's check below:

In [15]:
pub_key_path = "/home/pliu/jwts-in-python/.ssh/id_rsa.pub"
public_key = open(pub_key_path, 'r').read()
pub_key = serialization.load_ssh_public_key(public_key.encode())

In [17]:
jwt.decode(jwt=asym_token, key=pub_key, algorithms=['RS256', ])

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman'}

Let try it again with the verify function that we create above

In [25]:
print(verify_jwt(asym_token, pub_key))

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman'}


## 7. Check the Expiration Date on a JWT

Another thing that you should do while parsing/validating a JWT is to check whether it is expired because you, or better yet, the service you are building, **must not** accept expired tokens.

First, let's add an expiration field in the payload. Below code will get the current time in millisecond since `epoch`.


The token in the example below has an expiration date set in the "past" for you that are reading this article today. Let's prepare to decode the token:

In [31]:
# get current time in gmt timezone
current_gmt = time.gmtime()
print(current_gmt)

# get the timestamp of current gmt
current_ts = calendar.timegm(current_gmt)
print("current timestamp: ", current_ts)

time.struct_time(tm_year=2022, tm_mon=5, tm_mday=14, tm_hour=9, tm_min=35, tm_sec=33, tm_wday=5, tm_yday=134, tm_isdst=0)
current timestamp:  1652520933


Below function will build an expiration timestamp based on current time. It can be a date in the future(increase=True) or in the past(increase=False)

In [34]:
def get_expiration_ts(time_in_second: int, increase=True) -> int:
    current = calendar.timegm(time.gmtime())
    if increase:
        return current + time_in_second
    else:
        return current - time_in_second

In [35]:
# note the exp is a reserved claim to specify the expiration date of the token
payload_with_expiration = {
    "sub": "4242",
    "name": "Pengfei Liu",
    "nickname": "fatman",
    "exp": get_expiration_ts(2000)
}

In [37]:
token_with_expiration = jwt.encode(
    payload=payload_with_expiration,
    key=my_secret
)
print(token_with_expiration)

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6IlBlbmdmZWkgTGl1Iiwibmlja25hbWUiOiJmYXRtYW4iLCJleHAiOjE2NTI1MjM1MzF9.IC0PXNMH4pGre1m9dCO3p70odyMtVKu3UcYsYLi0Qx4


Now let's check the above token in jwt.io. You should see below picture.

![jwt-exp1-with-expiration-date.PNG](../images/jwt-exp1-with-expiration-date.PNG)

You can notice that in the payload, we have an expiration date.

Let's check with our function

In [38]:
print(verify_jwt(token_with_expiration, my_secret))

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman', 'exp': 1652523531}


So far so good. Now let's try with a token that is already expired.

In [39]:
payload_with_bad_expiration = {
    "sub": "4242",
    "name": "Pengfei Liu",
    "nickname": "fatman",
    "exp": get_expiration_ts(2000, increase=False)
}

In [40]:
token_with_bad_expiration = jwt.encode(
    payload=payload_with_bad_expiration,
    key=my_secret
)
print(token_with_bad_expiration)

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6IlBlbmdmZWkgTGl1Iiwibmlja25hbWUiOiJmYXRtYW4iLCJleHAiOjE2NTI1MjAwMTN9.HLNihqQjFTNu8g4rKC9jgdfNaa5iNHbdWh6asgVtIKs


With above code, we generate a token that is expired 2000 seconds ago.
Now, let's try to verify the token

In [42]:
print(verify_jwt(token_with_bad_expiration, my_secret))

ExpiredSignatureError: Signature has expired

We got a **ExpiredSignatureError**, because PyJWT is such a great tool, it already took care of handling the verification for you, so if you try to decode an expired token, you get an error instead of the payload. You can copy the token and test it in jwt.io. You cloud see the payload with an outdated expiration date. So to avoid this error, we recommend you to use a try except when you try to decode a JWT token

In [44]:
from jwt import ExpiredSignatureError

def read_jwt(input_token, pub_key):
    header = jwt.get_unverified_header(input_token)
    # using that variable in the decode method
    res = None
    try:
        res = jwt.decode(
            input_token,
            key=pub_key,
            algorithms=[header['alg'], ]
        )
    except ExpiredSignatureError as error:
        print(f'Unable to decode the token, error: {error}')
    return res

In [45]:
read_jwt(token_with_bad_expiration,my_secret)

Unable to decode the token, error: Signature has expired


## 8 Ignore some errors

In some situation, you may want to ignore some errors. For example, if someone singing a token with a pri/pub key paire. And you don't have access of the public key. But you still want to check the content of the payload. Or you are checking an expired token. With the above option, you will not be able to see them. Because you will receive error. To ignore the error, you can use two useful options:
 - "verify_signature": False
 - "verify_exp": False

**Note this is for development only. Don't do this in production. Never trust a token which is expired or not verified. **

In [11]:
bad_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MjQyIiwibmFtZSI6IlBlbmdmZWkgTGl1Iiwibmlja25hbWUiOiJmYXRtYW4iLCJleHAiOjE2NTI1MjM1MzF9.IC0PXNMH4pGre1m9dCO3p70odyMtVKu3UcYsYLi0Qx4"

In [12]:
header = jwt.get_unverified_header(bad_token)
print(header)

{'typ': 'JWT', 'alg': 'HS256'}


For example, you want to read the content, but you don't know the secret key.

In [15]:
payload=jwt.decode(bad_token,key="none",
            algorithms=[header['alg'], ])

InvalidSignatureError: Signature verification failed

To avoid this signature verification failed error, You can use below code

In [16]:
res = jwt.decode(
            bad_token,
            options={"verify_signature": False}
        )

In [17]:
print(res)

{'sub': '4242', 'name': 'Pengfei Liu', 'nickname': 'fatman', 'exp': 1652523531}


If you also want to ignore the expiration error. You can use below code

In [None]:
res = jwt.decode(
            bad_token,
            options={"verify_signature": False,
                     "verify_exp": False
                     }
        )

