'Hashing' means converting some content (a password in this case) into a sequence of bytes (just a string) that looks like gibberish. We need to install python-jose to generate and verify the JWT tokens in Python:īut it was updated to use Python-jose instead as it provides all the features from PyJWT plus some extras that you might need later when building integrations with other tools. If you want to play with JWT tokens and see how they work, check. And if the user (or a third party) tried to modify the token to change the expiration, you would be able to discover it, because the signatures would not match.
And then when the user comes back the next day with the token, you know that user is still logged in to your system.Īfter a week, the token will be expired and the user will not be authorized and will have to sign in again to get a new token. That way, you can create a token with an expiration of, let's say, 1 week. So, when you receive a token that you emitted, you can verify that you actually emitted it. It is not encrypted, so, anyone could recover the information from the contents.īut it's signed.