sanic_jwt_extended.tokens module

class sanic_jwt_extended.tokens.Token(app: sanic.app.Sanic, token: dict)[source]

Bases: object

Token object that contains decoded token data and passed with kwargs to endpoint function

jti
Returns:jti data
jwt_identity
Returns:jwt identity claim data (or this can be None if data does not exist)
jwt_user_claims
Returns:user claim data
raw_jwt
Returns:full jwt data in dictionary form
sanic_jwt_extended.tokens.decode_jwt(encoded_token: str, secret: str, algorithm: str, identity_claim_key: str, user_claims_key: str) → Dict[source]

Decodes an encoded JWT

Parameters:
  • encoded_token – The encoded JWT string to decode
  • secret – Secret key used to encode the JWT
  • algorithm – Algorithm used to encode the JWT
  • identity_claim_key – expected key that contains the identity
  • user_claims_key – expected key that contains the user claims
Returns:

Dictionary containing contents of the JWT
sanic_jwt_extended.tokens.encode_access_token(identity: str, secret: str, algorithm: str, expires_delta: datetime.timedelta, fresh: Union[datetime.timedelta, bool], user_claims: dict, role: str, identity_claim_key: str, user_claims_key: str, json_encoder: Callable[..., str] = None) → str[source]

Creates a new encoded (utf-8) access token. :param identity: Identifier for who this token is for (ex, username). This

data must be json serializable
Parameters:
  • secret – Secret key to encode the JWT with
  • algorithm – Which algorithm to encode this JWT with
  • expires_delta (datetime.timedelta or False) – How far in the future this token should expire (set to False to disable expiration)
  • fresh – If this should be a ‘fresh’ token or not. If a datetime.timedelta is given this will indicate how long this token will remain fresh.
  • user_claims – Custom claims to include in this token. This data must be json serializable
  • role – A role field for RBAC
  • identity_claim_key – Which key should be used to store the identity
  • user_claims_key – Which key should be used to store the user claims
  • json_encoder – json encoder
Returns:

Encoded access token
sanic_jwt_extended.tokens.encode_refresh_token(identity, secret, algorithm, expires_delta, user_claims, identity_claim_key, user_claims_key, json_encoder=None)[source]

Creates a new encoded (utf-8) refresh token.

Parameters:
  • identity – Some identifier used to identify the owner of this token
  • secret – Secret key to encode the JWT with
  • algorithm – Which algorithm to use for the toek
  • expires_delta (datetime.timedelta or False) – How far in the future this token should expire (set to False to disable expiration)
  • user_claims – Custom claims to include in this token. This data must be json serializable
  • identity_claim_key – Which key should be used to store the identity
  • user_claims_key – Which key should be used to store the user claims
  • json_encoder – json encoder
Returns:

Encoded refresh token