diff options
author | Mark Adams <mark@markadams.me> | 2015-04-18 22:45:15 -0500 |
---|---|---|
committer | Mark Adams <mark@markadams.me> | 2015-04-18 22:45:15 -0500 |
commit | a97dc6ef58a729c8a90161cc53e8b2ec750cd405 (patch) | |
tree | 60bb4e21a4f1599236cefde106184a3a2c33e283 | |
parent | 490dfd646bea97bcc7b9832e6ddf16c55260958d (diff) | |
parent | 3ac45aad3fc07cce130d34467e4a994009a8e5b6 (diff) | |
download | pyjwt-a97dc6ef58a729c8a90161cc53e8b2ec750cd405.tar.gz |
Merge pull request #139 from Turbo87/readme-examples
README: Add example outputs as comments
-rw-r--r-- | README.md | 21 |
1 files changed, 14 insertions, 7 deletions
@@ -28,26 +28,30 @@ If you're system doesn't allow installing `cryptography` like on Google App Engi ```python import jwt -jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256') +encoded = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256') +# 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg' ``` Additional headers may also be specified. ```python jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256', headers={'kid': '230498151c214b788dd97f22b85410a5'}) +# 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjIzMDQ5ODE1MWMyMTRiNzg4ZGQ5N2YyMmI4NTQxMGE1In0.eyJzb21lIjoicGF5bG9hZCJ9.DogbDGmMHgA_bU05TAB-R6geQ2nMU2BRM-LnYEtefwg' ``` Note the resulting JWT will not be encrypted, but verifiable with a secret key. ```python -jwt.decode('someJWTstring', 'secret', algorithms=['HS256']) +jwt.decode(encoded, 'secret', algorithms=['HS256']) +# {u'some': u'payload'} ``` If the secret is wrong, it will raise a `jwt.DecodeError` telling you as such. You can still get the payload by setting the `verify` argument to `False`. ```python -jwt.decode('someJWTstring', verify=False) +jwt.decode(encoded, verify=False) +# {u'some': u'payload'} ``` The `decode()` function can raise other exceptions, e.g. for invalid issuer or @@ -57,7 +61,7 @@ use this approach to catch any issues relating to invalid tokens: ```python try: - payload = jwt.decode('someJWTstring') + payload = jwt.decode(encoded) except jwt.InvalidTokenError: pass # do something sensible here, e.g. return HTTP 403 status code ``` @@ -83,7 +87,8 @@ options = { 'verify_exp': True, } -jwt.decode('someJWTstring', 'secret', options=options) +jwt.decode(encoded, 'secret', options=options) +# {u'some': u'payload'} ``` **NOTE**: *Changing the default behavior is done at your own risk, and almost certainly will make your @@ -121,7 +126,8 @@ You can specify which algorithm you would like to use to sign the JWT by using the `algorithm` parameter: ```python -jwt.encode({'some': 'payload'}, 'secret', algorithm='HS512') +encoded = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS512') +# 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.WTzLzFO079PduJiFIyzrOah54YaM8qoxH9fLMQoQhKtw3_fMGjImIOokijDkXVbyfBqhMo2GCNu4w9v7UXvnpA' ``` ### Decoding @@ -130,7 +136,8 @@ when validating the JWT by using the `algorithms` parameter which takes a list of allowed algorithms: ```python -jwt.decode(some_jwt, 'secret', algorithms=['HS512', 'HS256']) +jwt.decode(encoded, 'secret', algorithms=['HS512', 'HS256']) +# {u'some': u'payload'} ``` In the above case, if the JWT has any value for its alg header other than |