This is a simple Flask server that demonstrates how to generate, handle, and check JSON Web Tokens (JWTs) in a web application. The server provides endpoints for generating JWTs, handling JWTs without signature verification, and checking JWTs with optional signature verification.

• Generate JWTs with a specified payload
• Handle JWTs without verifying their signature
• Check incoming requests for JWTs and optionally verify their signature
• Command-line flag to enable or disable JWT signature checks
• Command-line flag to change signature verification

• Python 3.x
• Flask
• PyJWT

1. Clone the repository:

   git clone https://github.com/sho-luv/jwt_server.git

2. Navigate to the project directory:

   cd jwt-server

3. Install the required dependencies:

   pip install -r requirements.txt

1. Set your secret key:

   Replace "YOUR_SECRET_KEY" in the code with your own secret key. This key is used to sign and verify JWTs.

2. Run the server:

   python jwt_server.py

   By default, the server runs without signature checks. To enable signature checks, use the --check-signature flag:

   python jwt_server.py --check-signature

3. Make requests to the server:

   • To generate a JWT, send a POST request to /generate-jwt with a JSON payload containing the desired claims.
   • To handle a JWT without signature verification, send a POST request to /handle-jwt with a JSON payload containing the JWT.
   • To check a JWT with optional signature verification, send a POST request to /check-jwt with the JWT included in the Authorization header as a bearer token.

• POST /generate-jwt: Generates a JWT with the provided payload.
• POST /handle-jwt: Handles a JWT without verifying its signature.
• POST /check-jwt: Checks an incoming request for a JWT and optionally verifies its signature.

• --check-signature: Enables JWT signature checks. If not provided, the server runs without signature checks.

Generate a JWT:

curl -X POST -H "Content-Type: application/json" -d '{"username": "john", "email": "[email protected]"}' http://localhost:5000/generate-jwt

Handle a JWT without signature verification:

curl -X POST -H "Content-Type: application/json" -d '{"jwt_token": "YOUR_JWT_TOKEN"}' http://localhost:5000/handle-jwt

Check a JWT with signature verification:

curl -X POST -H "Authorization: Bearer YOUR_JWT_TOKEN" -H "Content-Type: application/json" http://localhost:5000/check-jwt

This project is licensed under the MIT License.