# JSON Web Token(JWT) 실습

In [1]:
import hmac
import hashlib
import base64

## 토큰 생성

### 입력

* header object

```
{
    "typ": "JWT",
    "alg": "HS256"
}
```

* payload object

```
{
    "iss": "fun-with-jwts",
    "sub": "AzureDiamond",
    "jti": "f6c1097f-cc48-4949-a627-8b94fc5e37ba",
    "iat": 1596185001,
    "exp": 1596185061
}
```

* secret

```
my-secret
```

### 출력

* token

```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmdW4td2l0aC1qd3RzIiwic3ViIjoiQXp1cmVEaWFtb25kIiwianRpIjoiZjZjMTA5N2YtY2M0OC00OTQ5LWE2MjctOGI5NGZjNWUzN2JhIiwiaWF0IjoxNTk2MTg1MDAxLCJleHAiOjE1OTYxODUwNjF9.UXvXY97CNcHv7LobrBagePBPeGiW2F-Z-nuINSmUy5k
```

In [2]:
def create_jwt_token(header_obj, payload_obj, secret):
    header = base64.urlsafe_b64encode(header_obj.encode('utf-8')).decode('utf-8')
    payload = base64.standard_b64encode(payload_obj.encode('utf-8')).decode('utf-8')
    header_plus_payload = f'{header}.{payload}'
    
    m = hmac.new(secret.encode('utf-8'), digestmod=hashlib.sha256)
    m.update(header_plus_payload.encode('utf-8'))
    d = m.digest()
    signature = base64.urlsafe_b64encode(d).decode('utf-8').rstrip('=')

    jwt_token = f'{header_plus_payload}.{signature}'
    return jwt_token

header_obj = '{\
"typ":"JWT",\
"alg":"HS256"\
}'

payload_obj = '{\
"iss":"fun-with-jwts",\
"sub":"AzureDiamond",\
"jti":"f6c1097f-cc48-4949-a627-8b94fc5e37ba",\
"iat":1596185001,\
"exp":1596185061\
}'

secret = 'my-secret'

jwt_token = create_jwt_token(header_obj, payload_obj, secret)
print('** JWT token **')
print(jwt_token)

** JWT token **
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmdW4td2l0aC1qd3RzIiwic3ViIjoiQXp1cmVEaWFtb25kIiwianRpIjoiZjZjMTA5N2YtY2M0OC00OTQ5LWE2MjctOGI5NGZjNWUzN2JhIiwiaWF0IjoxNTk2MTg1MDAxLCJleHAiOjE1OTYxODUwNjF9.UXvXY97CNcHv7LobrBagePBPeGiW2F-Z-nuINSmUy5k


## 토큰이 유효한지 확인

### 입력

* token

```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmdW4td2l0aC1qd3RzIiwic3ViIjoiQXp1cmVEaWFtb25kIiwianRpIjoiZjZjMTA5N2YtY2M0OC00OTQ5LWE2MjctOGI5NGZjNWUzN2JhIiwiaWF0IjoxNTk2MTg1MDAxLCJleHAiOjE1OTYxODUwNjF9.UXvXY97CNcHv7LobrBagePBPeGiW2F-Z-nuINSmUy5k
```

* Base64Url(header) + '.' + Base64Url(payload)

```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmdW4td2l0aC1qd3RzIiwic3ViIjoiQXp1cmVEaWFtb25kIiwianRpIjoiZjZjMTA5N2YtY2M0OC00OTQ5LWE2MjctOGI5NGZjNWUzN2JhIiwiaWF0IjoxNTk2MTg1MDAxLCJleHAiOjE1OTYxODUwNjF9
```

* secret

```
my-secret
```

### 출력

* signature

```
UXvXY97CNcHv7LobrBagePBPeGiW2F-Z-nuINSmUy5k
```

In [3]:
def validate_jwt_token(token, secret):
    pos = token.rfind('.')
    header_plus_payload = token[:pos]
    signature = token[pos+1:]
    
    m = hmac.new(secret.encode('utf-8'), digestmod=hashlib.sha256)
    m.update(header_plus_payload.encode('utf-8'))
    d = m.digest()
    
    sig_derived = base64.urlsafe_b64encode(d).decode('utf-8').rstrip('=')
    
    return sig_derived == signature

token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJmdW4td2l0aC1qd3RzIiwic3ViIjoiQXp1cmVEaWFtb25kIiwianRpIjoiZjZjMTA5N2YtY2M0OC00OTQ5LWE2MjctOGI5NGZjNWUzN2JhIiwiaWF0IjoxNTk2MTg1MDAxLCJleHAiOjE1OTYxODUwNjF9.UXvXY97CNcHv7LobrBagePBPeGiW2F-Z-nuINSmUy5k'
secret = 'my-secret'

is_valid = validate_jwt_token(token, secret)
print(f'** is_valid: {is_valid} **')

** is_valid: True **
