This is a simple Flask server that demonstrates how to generate, handle, and check JSON Web Tokens (JWTs) in a web application. The server provides endpoints for generating JWTs, handling JWTs without signature verification, and checking JWTs with optional signature verification.
- Generate JWTs with a specified payload
- Handle JWTs without verifying their signature
- Check incoming requests for JWTs and optionally verify their signature
- Command-line flag to enable or disable JWT signature checks
- Command-line flag to change signature verification
- Python 3.x
- Flask
- PyJWT
-
Clone the repository:
git clone https://github.com/sho-luv/jwt_server.git
-
Navigate to the project directory:
cd jwt-server
-
Install the required dependencies:
pip install -r requirements.txt
-
Set your secret key:
Replace
"YOUR_SECRET_KEY"
in the code with your own secret key. This key is used to sign and verify JWTs. -
Run the server:
python jwt_server.py
By default, the server runs without signature checks. To enable signature checks, use the
--check-signature
flag:python jwt_server.py --check-signature
-
Make requests to the server:
- To generate a JWT, send a POST request to
/generate-jwt
with a JSON payload containing the desired claims. - To handle a JWT without signature verification, send a POST request to
/handle-jwt
with a JSON payload containing the JWT. - To check a JWT with optional signature verification, send a POST request to
/check-jwt
with the JWT included in theAuthorization
header as a bearer token.
- To generate a JWT, send a POST request to
POST /generate-jwt
: Generates a JWT with the provided payload.POST /handle-jwt
: Handles a JWT without verifying its signature.POST /check-jwt
: Checks an incoming request for a JWT and optionally verifies its signature.
--check-signature
: Enables JWT signature checks. If not provided, the server runs without signature checks.
Generate a JWT:
curl -X POST -H "Content-Type: application/json" -d '{"username": "john", "email": "[email protected]"}' http://localhost:5000/generate-jwt
Handle a JWT without signature verification:
curl -X POST -H "Content-Type: application/json" -d '{"jwt_token": "YOUR_JWT_TOKEN"}' http://localhost:5000/handle-jwt
Check a JWT with signature verification:
curl -X POST -H "Authorization: Bearer YOUR_JWT_TOKEN" -H "Content-Type: application/json" http://localhost:5000/check-jwt
This project is licensed under the MIT License.