Configuration

Flask_PyJWT’s configuration variables are read from the Flask app’s config and start with the prefix “JWT_”.

Required Values

JWT_ISSUER

(str): The issuer of JWTs. Usually your website/API’s name.

JWT_AUTHTYPE

(str): The type of auth to use for your JWTs (HMACSHA256, HMACSHA512, RSA256, RSA512).

Accepted Values:

  • HS256

  • HS512

  • RS256

  • RS512

JWT_SECRET

(str | bytes): The secret key or RSA private key to sign JWTs with.

If the JWT_AUTHTYPE is HS256 or HS512, a str is required. if the JWT_AUTHTYPE is RS256 or RS512, a bytes encoded RSA private key is required.

Optional Values

JWT_AUTHMAXAGE

(int): The maximum time, in seconds, that an auth JWT is considered valid.

JWT_REFRESHMAXAGE

(int): The maximum time, in seconds, that a refresh JWT is considered valid.

JWT_PUBLICKEY

(str | bytes): The RSA public key used to verify JWTs with, if the JWT_AUTHTYPE is set to RS256 or RS512.