Skip to content

sho-luv/jwt_server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
README.md
README.md
 
 
jwt_server.py
jwt_server.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

JWT Server

This is a simple Flask server that demonstrates how to generate, handle, and check JSON Web Tokens (JWTs) in a web application. The server provides endpoints for generating JWTs, handling JWTs without signature verification, and checking JWTs with optional signature verification.

Features

  • Generate JWTs with a specified payload
  • Handle JWTs without verifying their signature
  • Check incoming requests for JWTs and optionally verify their signature
  • Command-line flag to enable or disable JWT signature checks
  • Command-line flag to change signature verification

Prerequisites

  • Python 3.x
  • Flask
  • PyJWT

Installation

  1. Clone the repository:

    git clone https://github.com/sho-luv/jwt_server.git

  2. Navigate to the project directory:

    cd jwt-server

  3. Install the required dependencies:

    pip install -r requirements.txt

Usage

  1. Set your secret key:

    Replace "YOUR_SECRET_KEY" in the code with your own secret key. This key is used to sign and verify JWTs.

  2. Run the server:

    python jwt_server.py

    By default, the server runs without signature checks. To enable signature checks, use the --check-signature flag:

    python jwt_server.py --check-signature

  3. Make requests to the server:

    • To generate a JWT, send a POST request to /generate-jwt with a JSON payload containing the desired claims.
    • To handle a JWT without signature verification, send a POST request to /handle-jwt with a JSON payload containing the JWT.
    • To check a JWT with optional signature verification, send a POST request to /check-jwt with the JWT included in the Authorization header as a bearer token.

API Endpoints

  • POST /generate-jwt: Generates a JWT with the provided payload.
  • POST /handle-jwt: Handles a JWT without verifying its signature.
  • POST /check-jwt: Checks an incoming request for a JWT and optionally verifies its signature.

Command-line Flags

  • --check-signature: Enables JWT signature checks. If not provided, the server runs without signature checks.

Examples

Generate a JWT:

curl -X POST -H "Content-Type: application/json" -d '{"username": "john", "email": "john@example.com"}' http://localhost:5000/generate-jwt

Handle a JWT without signature verification:

curl -X POST -H "Content-Type: application/json" -d '{"jwt_token": "YOUR_JWT_TOKEN"}' http://localhost:5000/handle-jwt

Check a JWT with signature verification:

curl -X POST -H "Authorization: Bearer YOUR_JWT_TOKEN" -H "Content-Type: application/json" http://localhost:5000/check-jwt

License

This project is licensed under the MIT License.

About

I wrote to help test some JWT security issues. It will generate JWTs if requested, or check them if submitted

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages