PyJWT

---

1. Token-Based Authentication: Authenticate users by generating JWTs containing user information and validating them on the server.

import jwt
from flask import Flask, request

app = Flask(__name__)
SECRET_KEY = 'mysecretkey'

@app.route('/login', methods=['POST'])
def login():
    username = request.form.get('username')
    password = request.form.get('password')
    # Verify username and password
    token = jwt.encode({'username': username}, SECRET_KEY, algorithm='HS256')
    return {'token': token}

@app.route('/protected', methods=['GET'])
def protected():
    token = request.headers.get('Authorization').split(' ')[1]
    payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    return f'Hello, {payload["username"]}!'

2. API Rate Limiting: Restrict the number of API calls a user can make within a certain time frame by storing call count in JWTs.

import jwt
from flask import Flask, request

app = Flask(__name__)
SECRET_KEY = 'mysecretkey'

@app.route('/api', methods=['GET'])
def api():
    token = request.headers.get('Authorization').split(' ')[1]
    payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    if payload['call_count'] >= 10:
        return {'error': 'Rate limit exceeded'}
    payload['call_count'] += 1
    token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
    return {'response': 'OK', 'token': token}

3. Single Sign-On (SSO): Allow users to access multiple applications with a single login by generating JWTs containing user information and sharing them across applications.

import jwt
from flask import Flask, request

app1 = Flask(__name__)
app2 = Flask(__name__)
SECRET_KEY = 'mysecretkey'

@app1.route('/login', methods=['POST'])
def login():
    username = request.form.get('username')
    password = request.form.get('password')
    # Verify username and password
    token = jwt.encode({'username': username}, SECRET_KEY, algorithm='HS256')
    return {'token': token}

@app2.route('/protected', methods=['GET'])
def protected():
    token = request.headers.get('Authorization').split(' ')[1]
    payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    return f'Hello, {payload["username"]}!'

4. Cloud Storage Access: Securely access cloud storage buckets by generating JWTs containing access permissions and passing them as credentials.

import jwt
from google.cloud import storage

client = storage.Client()
bucket = client.bucket('my-bucket')

def generate_jwt():
    return jwt.encode({'iss': 'my-service-account'}, 'my-private-key', algorithm='RS256')

blob = bucket.blob('myfile.txt')
blob.acl.user(username + '@example.com').grant_read(if_metageneration_match=generation)

5. Mobile Device Authentication: Identify and authenticate mobile devices by generating JWTs containing device-specific information.

import jwt
from flask import Flask, request

app = Flask(__name__)
SECRET_KEY = 'mysecretkey'

@app.route('/login', methods=['POST'])
def login():
    device_info = request.form.get('device_info')
    # Verify device_info
    token = jwt.encode({'device_id': device_info}, SECRET_KEY, algorithm='HS256')
    return {'token': token}

@app.route('/protected', methods=['GET'])
def protected():
    token = request.headers.get('Authorization').split(' ')[1]
    payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    return f'Device ID: {payload["device_id"]}!'

6. Event Logging: Securely log events by generating JWTs containing event details and storing them in a secure location.

import jwt
import logging

def log_event(event_type, **kwargs):
    payload = {'event_type': event_type, **kwargs}
    token = jwt.encode(payload, 'my-secret-key', algorithm='HS256')
    logging.info(token)

7. Data Sharing: Securely share sensitive data with third-party applications by generating JWTs containing limited access permissions.

import jwt
from flask import Flask, request

app = Flask(__name__)
SECRET_KEY = 'mysecretkey'
DATA = {'mydata': 'sensitive-information'}

@app.route('/share', methods=['POST'])
def share():
    access_permissions = {'read': True, 'write': False}
    token = jwt.encode({'access_permissions': access_permissions}, SECRET_KEY, algorithm='HS256')
    return {'token': token}

@app.route('/access', methods=['GET'])
def access():
    token = request.headers.get('Authorization').split(' ')[1]
    payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    if payload['access_permissions']['read']:
        return DATA.get('mydata')
    else:
        return {'error': 'Insufficient permissions'}

8. Authorization Server: Create an authorization server that issues JWTs to applications and validates JWTs presented by clients.

import jwt
from flask import Flask, request

app = Flask(__name__)
SECRET_KEY = 'mysecretkey'
CLIENT_SECRET = 'my-client-secret'

@app.route('/authorize', methods=['POST'])
def authorize():
    client_id = request.form.get('client_id')
    # Verify client_id and client_secret
    token = jwt.encode({'client_id': client_id}, CLIENT_SECRET, algorithm='HS256')
    return {'token': token}

@app.route('/validate', methods=['POST'])
def validate():
    token = request.headers.get('Authorization').split(' ')[1]
    payload = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    return {'valid': True, 'client_id': payload['client_id']}

9. Secure Messaging: Establish secure communication channels by generating JWTs containing encryption keys and message metadata.

import jwt
from cryptography.fernet import Fernet

def generate_jwt():
    encryption_key = Fernet.generate_key()
    payload = {'encryption_key': encryption_key}
    token = jwt.encode(payload, 'my-secret-key', algorithm='HS256')
    return token

def decrypt_message(token, encrypted_message):
    payload = jwt.decode(token, 'my-secret-key', algorithms=['HS256'])
    encryption_key = payload['encryption_key']
    decrypted_message = Fernet(encryption_key).decrypt(encrypted_message)
    return decrypted_message

10. Two-Factor Authentication (2FA): Enhance security by requiring users to provide both a password and a one-time code generated in a JWT.

import jwt
from flask import Flask, request

app = Flask(__name__)
SECRET_KEY = 'mysecretkey'

@app.route('/login', methods=['POST'])
def login():
    username = request.form.get('username')
    password = request.form.get('password')
    # Verify username and password
    token = jwt.encode({'username': username}, SECRET_KEY, algorithm='HS256')
    return {'token': token}

@app.route('/2fa', methods=['POST'])
def two_fa():
    token = request.headers.get('Authorization').split(' ')[1]
    one_time_code = request.form.get('one_time_code')
    # Verify one_time_code
    return {'message': 'Login successful!'}