PyJWT returning invalid token signatures

5

12

I'm using PyJWT==1.4.2 to generate tokens that I intend to use for Firebase authentication.

Unfortunately I'm not able to use any of the third-party Python Firebase libraries, and even if I could I had the same difficulty when I tried with FirebaseTokenGenerator.

Inside of my API, I have a function for generating a token for a username.

    import jwt  # PyJWT

    # Method of the API class: signs a fixed payload with HS256.
    def generate_token(self, username):
        payload = {
            'something': 'Here',
        }
        secret = "TESTSECRET"
        token = jwt.encode(
            payload,
            secret,
            algorithm='HS256')
        return token

An example of a token I get from this function is:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzb21ldGhpbmciOiJIZXJlIn0.fpIMSRJ3AAL30LIDwHJM9ZOumdRzS7yooiiUgMPms2Y

Unfortunately, this is not a valid token. Online resources such as https://jwt.io/ are telling me that the signature portion is invalid.

Not sure if this is further helpful info, but when I try decoding the token I get the following:

b'{"alg":"HS256","typ":"JWT"}{"something"[83 chars]\x88'

Any thoughts on what I might be doing wrong?

Modestomodesty answered 21/10, 2016 at 15:4 Comment(0)
12

That is indeed a valid token. If you go to jwt.io and paste that token, and then update the secret used to verify it to be the same one you used to generate the token, the tool will indicate that the signature is valid.

By default, jwt.io tries to validate the signature using the HS256 algorithm and the default secret of secret. You're indeed creating a JWT using the HS256 algorithm so the only thing you need to do to check if it's valid is to update the secret input box to use TESTSECRET.

Also, the signature component of a JWT is raw binary data that may not display correctly if you try to decode it to text. For a bit more on how JWTs work you can check Get Started with JSON Web Tokens.

Sanjuana answered 21/10, 2016 at 15:18 Comment(2)
smashes head on keyboard I didn't change my secret back from what I had before. That was indeed the problem. Furthering the issue, I wasn't aware that decoding the JWT wouldn't necessarily display properly. When I tried to do so with decoded = base64.b64decode(token) I got either an "incorrect padding" error or a cut-off version of my payload. That resource is extremely helpful, thank you! - Modestomodesty
In software development it's always the small details that get us... welcome to the club. :) - Entertaining
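
The check described in the answer above, as an added example that is not part of the original thread: it uses only the Python standard library (not PyJWT) to split the question's token, restore the base64url padding that a plain base64.b64decode trips over, and recompute the HS256 signature for a given secret. The helper names, including make_token, are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json

# Token quoted in the question on this page.
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzb21ldGhpbmciOiJIZXJlIn0."
              "fpIMSRJ3AAL30LIDwHJM9ZOumdRzS7yooiiUgMPms2Y")


def b64url_decode(segment: str) -> bytes:
    """Decode one JWT segment; JWTs strip the '=' padding, so restore it."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def decode_token(token: str):
    """Return (header, payload, raw signature bytes) without verifying anything."""
    header, payload, signature = (b64url_decode(part) for part in token.split("."))
    return json.loads(header), json.loads(payload), signature


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HMAC over 'header.payload' and compare in constant time."""
    signing_input, _, sig_b64 = token.rpartition(".")
    header, _, _ = decode_token(token)
    if header.get("alg") != "HS256":  # pin the algorithm, as algorithms=["HS256"] does
        return False
    return hmac.compare_digest(sign(signing_input, secret), b64url_decode(sig_b64))


def make_token(payload: dict, secret: bytes) -> str:
    """Constructed helper: build a compact HS256 token for comparison."""
    parts = ({"typ": "JWT", "alg": "HS256"}, payload)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return f"{signing_input}.{b64url_encode(sign(signing_input, secret))}"


if __name__ == "__main__":
    print(decode_token(PAGE_TOKEN))
    print({s: verify_hs256(PAGE_TOKEN, s) for s in (b"secret", b"TESTSECRET")})
```

The signature is the third element returned by decode_token and is 32 raw bytes, which is why printing the decoded token as text shows garbage at the end.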
7
example_payload = {
    'public_id': user.public_id,
    'exp': datetime.datetime.utcnow()+datetime.timedelta(minutes=30)
}

For ENCODING use

token = jwt.encode(example_payload,app.config['SECRET_KEY'],algorithm="HS256")

For DECODING use

data = jwt.decode(token, app.config['SECRET_KEY'], algorithms=["HS256"])

Basically, just adding the ALGORITHM and ALGORITHMS=[] parts... otherwise it gave me an error (token invalid for operations after the log-in), but this fixed it.

In Python3 you don't need the ".decode('UTF-8')" after "jwt.encode()": it does it for you.

Also check you don't have both jwt and PyJWT packages:

pip3 list

If you have both jwt and PyJWT installed then do:

pip3 uninstall jwt
pip3 uninstall PyJWT
pip3 install PyJWT

Re-run your app.

Lampley answered 10/2, 2021 at 0:53 Comment(0)
2

I guess with the latest version of PyJWT while decoding you need to use the algorithm.

I was facing the same issue. Solved it using the algorithms parameter. The PyJWT version I'm using is 2.0.1. Below is the sample code. Please try and let me know if it works.

payload = jwt.decode("YOUR_JWT_TOKEN","YOUR_SECRET_KEY", algorithms=["HS256"])
Spoilage answered 8/3, 2021 at 11:19 Comment(0)
1

Try appending .decode("utf-8") to the decode function.

Pains answered 16/4, 2020 at 0:10 Comment(0)
0

In case someone uses it like me and creates a token with this method:

    from flask_jwt_extended import create_access_token

    access_token = create_access_token(identity=access_token)

you should add this in your app.py:

app.config['algorithms'] = ["HS256"]

I'm using PyJWT 2.1.0

Superorganic answered 14/10, 2021 at 11:9 Comment(0)
