我想在Python中手动生成JWT令牌,而不使用任何库。我搜索了详细的信息或教程,但无法找到。关于Python中的JWT的所有信息都包括在库中。是否有任何资源可以帮助我生成Python的JWT令牌?
我想在Python中手动生成JWT令牌,而不使用任何库。我搜索了详细的信息或教程,但无法找到。关于Python中的JWT的所有信息都包括在库中。是否有任何资源可以帮助我生成Python的JWT令牌?
import base64
import json
import hmac
import hashlib
from datetime import datetime, timedelta
api_key = 'XXXXXX'
api_sec = 'XXXXXX'
due_date = datetime.now() + timedelta(minutes=10)
expiry = int(due_date.timestamp())
def base64url_encode(input: bytes):
return base64.urlsafe_b64encode(input).decode('utf-8').replace('=','')
def jwt(api_key, expiry, api_sec):
segments = []
header = {"typ": "JWT", "alg": "HS256"}
payload = {"iss": api_key, "exp": expiry}
json_header = json.dumps(header, separators=(",",":")).encode()
json_payload = json.dumps(payload, separators=(",",":")).encode()
segments.append(base64url_encode(json_header))
segments.append(base64url_encode(json_payload))
signing_input = ".".join(segments).encode()
key = api_sec.encode()
signature = hmac.new(key, signing_input, hashlib.sha256).digest()
segments.append(base64url_encode(signature))
encoded_string = ".".join(segments)
return encoded_string
def base64url_decode(input):
return base64.urlsafe_b64decode(input)
def base64url_encode(input):
stringAsBytes = input.encode('ascii')
stringAsBase64 = base64.urlsafe_b64encode(stringAsBytes).decode('utf-8').replace('=','')
return stringAsBase64
def jwt_creator(expiration, userid, userrole):
header = {
"alg": "HS256",
"typ": "JWT"
}
payload = {'expired': expiration,
'userid': userid,
'userrole': userrole
}
secret_key = secrets.token_urlsafe(32)
total_params = str(base64url_encode(json.dumps(header))) + '.' + str(base64url_encode(json.dumps(payload)))
signature = hmac.new(secret_key.encode(), total_params.encode(), hashlib.sha256).hexdigest()
token = total_params + '.' + str(base64url_encode(signature))
return token
urlsafe_b64decode()
时,您可以完全省略填充,即只需调用 return base64.urlsafe_b64decode(input)
。 - Alexander Farber