In [1]:
import jwt
key = 'secret'
encoded = jwt.encode({'some': 'payload'}, key, algorithm='HS256')
encoded

b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzb21lIjoicGF5bG9hZCJ9.Joh1R2dYzkRvDkqv3sygm5YyK8Gi4ShZqbhK2gxcs2U'

In [2]:
decoded = jwt.decode(encoded, key, algorithms='HS256')
decoded

{'some': 'payload'}

PyJWT also supports the leeway part of the expiration time definition, which means you can validate a expiration time which is in the past but not very far. For example, if you have a JWT payload with a expiration time set to 30 seconds after creation but you know that sometimes you will process it after 30 seconds, you can set a leeway of 10 seconds in order to have some margin:

In [9]:
import datetime
import time
jwt_payload = jwt.encode({
    'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=3)
}, 'secret')

time.sleep(4)

# JWT payload is now expired
# But with some leeway, it will still validate
jwt.decode(jwt_payload, 'secret', leeway=1, algorithms=['HS256'])
# jwt.decode(jwt_payload, 'secret', leeway=datetime.timedelta(seconds=10), algorithms=['HS256'])

{'exp': 1594661649}

In [12]:
# If the issuer claim is incorrect, jwt.InvalidIssuerError will be raised.
payload = {
    'some': 'payload',
    'iss': 'urn:foo'
}

token = jwt.encode(payload, 'secret')
decoded = jwt.decode(token, 'secret', issuer='urn:foo', algorithms=['HS256'])
decoded

{'some': 'payload', 'iss': 'urn:foo'}