Skip to content

Welcome

SuperJWT logo

A modern implementation of JSON Web Token (JWT) for Python.
With powerful Pydantic validation features.

GitHub Actions workflow status on main branch
PyPI - Version Supported Python versions

Overview

SuperJWT is a minimalist JWT library for Python 3.10+ that combines the simplicity of JWT encoding/decoding with the power of Pydantic validation. It supports JWS (JSON Web Signature) format with HMAC or various asymmetric algorithms and includes advanced features like enhanced time integrity checks, compact token inspection, custom timestamp serialization, detached payload mode, time spoofing, and more.
Learn more about JWT.

Installation

HMAC support only (default) 

pip install superjwt

With support for asymmetric algorithms 

pip install superjwt[asymmetric]

Features

🔏 JWT Secure Encoding & Decoding

  • Sign and verify your JWT/JWS content with the algorithm of your choice!
    All current state-of-the-art algorithms are implemented: HMAC, RSA-PKCS1, RSA-PSS, ECDSA, and EdDSA.
  • Inspect your token without verification or validation for testing and debugging purposes.
  • Generate your own keys, compatible with the selected algorithms.
  • Use detached mode to send your JWT payload separately, while still being able to verify content integrity.

🕰️ Enhanced Time Integrity

  • Check expiration and time integrity automatically.
  • Configure leeway to account for clock skew.
  • Use time spoofing for refined testing.

✔️ Custom Content Validation

  • Validate the content of your JWT against ready-made, Pydantic-compliant models or extend them to your liking, beyond the standard registered claims.
  • Serialize timestamps as either integers or floats.

🩵 Modern Codebase

  • SuperJWT is written for Python 3.10+ with full type hints support in your IDE. Every function, method, and Pydantic model has autocompletion.
  • Clean, modular, and lightweight codebase: thanks to Pydantic and the optional cryptography library, SuperJWT is a compact library, well-structured, and easy to read.

🤖 Heavily Tested

  • SuperJWT maintains comprehensive unit tests and integration tests across all the intertwined features of the library: key generation and derivation, JWS signature and verification, and JWT content validation.

Start building now: go to User Guide!