#!/usr/bin/env python from jwkest import b64d from jwkest.jws import JWS # A specific JWT is a sequence of URL-safe parts separated by a period '.' character. # All JWT parts are always base64 encoded. A JWT can have different claims (similar to attributes in LDAP world): # - iss (Issuer) who issued the token # - sub (Subject) who is described by the token # - aud (Audience) who the token intended for # - exp (Expiration Time) # - nbf (Not Before) # - iat (Issued At) # - jti (JWT Id) # # An unsecured JWT is the simplest JWT possible. It can be created as follow: # - create a JOSE header (the simplest possible has only the "alg" specification set to "none") # - create a claims set (which means create a JSON object) # - base64 encode the claims set (message and header) and encode them in UTF-8 # - create the JWS by joining the claims set with the period '.' character as a separator # # Using the jwkest library the JWT can be created as follow. jwt = JWS({"foo": "bar"}, alg="none").sign_compact() print "jwt:", jwt print for p in jwt.split('.'): p = p.encode("utf8") print "-", type(p), b64d(p)
# 2 txt = json.dumps(claims_set) msg = b64e(txt) # 3 header = {"alg": "none"} htxt = json.dumps(header) hdr = b64e(htxt) # (4,5),6 jws = ".".join([hdr, msg, ""]) print("JWT={}".format(jws)) # ============================================================================ # Higher level from jwkest import b64d from jwkest.jws import JWS # JWS is A class that can be used for signing and verifying signatures jws = JWS({"foo": "bar"}, alg="none").sign_compact() print("JWT={}".format(jws)) print("") # decode and print the different parts. No verification is done. for p in jws.split("."): p = p.encode("utf8") print(b64d(p))