[Sub Component] JWT Based-Authentication

[TanmoySG]

JWT or JSON Web Tokens are used to authenticate APIs and are provisioned when a user logs-in with Email and Password. JWT is used to remove or reduce the use of Password for authentication for all tasks.

Refer to this and Check Issue #53's Comments

[Parent Component]

• [x] #53

[Checkpoints]

• [x] Choose a JWT Library
• [x] Choose Algo - Symmetric or Asymmetric Encryption
• [x] Secret Management
• [x] Header, Payload and Signature Generator
• [x] JWT Generator
• [x] Return JWT
• [x] Test

[Resources]

• https://jwt.io/introduction
• https://medium.com/jspoint/so-what-the-heck-is-jwt-or-json-web-token-dca8bcb719a6
• https://github.com/lepture/authlib
• https://github.com/jpadilla/pyjwt/
• https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/
• https://jwt.io/libraries
• https://jwt.io/#debugger-io
• https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
• https://en.wikipedia.org/wiki/JSON_Web_Token
• https://auth0.com/learn/json-web-tokens/

[Code Snippet for PyJWT Library]

A sample JWT implementation using pyJWT.

import jwt

encoded_jwt = jwt.encode({"Name": "User"}, "secret", algorithm="HS256")
print(encoded_jwt)

decoded_info = jwt.decode(encoded_jwt, "secret", algorithms=["HS256"])
print(decoded_info)

Returns

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJOYW1lIjoiVXNlciJ9.uXewJOSSW5TQ6JtVHrhX-1joVkrK38OGG6T5rrHVFuM
{'Name': 'User'}

[TanmoySG]

Using pyjwt

Documentation https://pyjwt.readthedocs.io/en/stable/installation.html

[TanmoySG]

Using HS512 as default Algorithm. Using default_random_secret for sample secret.