Assignment: Working With JWT in Python
1. Objective
By the end of this assignment, you should be able to:
Understand what JWTs are and why they are used
Create and verify JWTs in Python
Implement JWT-based authentication in a simple API
Handle expiration and errors securely
2. Background Theory (Short Summary)
A JSON Web Token (JWT) is a compact, URL-safe token used for authentication and authorization. A JWT has three parts:
header.payload.signature
Header: declares the algorithm (e.g., HS256) and token type
Payload: contains claims (user data, expiry time, etc.)
Signature: verifies the token was not tampered with
Common Python libraries for JWT include:
pyjwt (most common)
python-jose
authlib
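The header.payload.signature layout described above, built and checked with only the Python standard library, so you can see why an edited payload no longer matches its signature. This is an added example, not part of the original assignment and not PyJWT's code; the function names and DEMO_SECRET are constructed for illustration, and it checks only the signature, not exp.

```python
import base64
import hashlib
import hmac
import json

DEMO_SECRET = b"constructed-demo-key-not-for-real-use-0123456789"  # constructed sample key


def b64url(data: bytes) -> bytes:
    # JWTs use URL-safe base64 with the trailing '=' padding removed
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def b64url_decode(segment: bytes) -> bytes:
    return base64.urlsafe_b64decode(segment + b"=" * (-len(segment) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + b64url(signature)).decode()


def verify_hs256(token: str, secret: bytes) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.encode().split(b".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never trust the header's choice
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, header_b64 + b"." + payload_b64, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched
    if not hmac.compare_digest(b64url(expected), sig_b64):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))


def tamper_username(token: str, new_name: str) -> str:
    # Swap the payload but keep the old signature, as an edited token would look
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64.encode()))
    claims["username"] = new_name
    forged = b64url(json.dumps(claims, separators=(",", ":")).encode()).decode()
    return ".".join((header_b64, forged, sig_b64))
```

The payload is only encoded, not encrypted: anyone holding the token can read the claims, and only the signature check tells the server whether they were changed.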
3. Tasks
Task 1: Install Dependencies
Install PyJWT:
pip install PyJWT
Task 2: Create a Simple JWT
Write a Python script that:
Imports the PyJWT library
Creates a payload with:
username
issued time (iat)
expiration time (exp)
Signs the token using a secret key
Prints the token
Example structure:
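import jwt
import datetime
# Demo value only: in real code, load a long random secret from configuration
secret = "mysecret123"
payload = {
    "username": "alice",
    # Timezone-aware UTC time; datetime.utcnow() is deprecated since Python 3.12
    "iat": datetime.datetime.now(datetime.timezone.utc),
    "exp": ???  # placeholder: replace with your expiration value
}
token = jwt.encode(payload, secret, algorithm="HS256")
print(token)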
Your job: calculate expiration to be 1 minute in the future.
Task 3: Decode and Verify JWT
Create another script or function that:
Accepts a JWT token
Verifies the signature
Checks the expiration
Prints the decoded payload
Example:
decoded = jwt.decode(token, secret, algorithms=["HS256"])
Your job: handle exceptions (ExpiredSignatureError, InvalidTokenError) and print custom messages.