# Sanic JWT¶

Sanic JWT adds authentication protection and endpoints to Sanic.

It is both easy to get up and running, and extensible for the developer. It can act to protect endpoints and also provide authentication scoping, all wrapped into a nice JWT.

Pick your favorite user management system, run a single class to initialize, and you are all set.

Open source code on GitHub

## What is new in Version 1.2?¶

Version 1.2 saw a a few minor fixes and changes. Some new features were added to allow custom claims and additional payload verifications. Version 1.1.4 is still stable, so there is no need to upgrade to 1.2.

In addition, there was a change that will (unfortunately) have some potential impact on users. Expired and invalid tokens will report as HTTP 401.

## What is new in Version 1.1?¶

The biggest changes are under the hood relating to how configuration settings are implemented. They are now fully dynamic allowing you to not only dynamically set them at run time, but also have them evaluated at the last minute to give you flexibility when needed.

Flexibility is really the name of the game for v. 1.1. Most of the features are to enable the developer that wants to dig deeper and gain more control. For example, the Authentication now has a number of new renamed methods. Checkout the source code to see what they are (hint: they are the ones NOT with an _ at the beginning.)

Checkout the changelog for a more detailed description.

Note

It is recommended that you are at least using version 1.1.2. You can upgrade to version 1.1.4 for improved exception handling and some bug fixes.

## What is new in Version 1.0?¶

If you have been using Sanic JWT, there should really not be that much different, although under the hood a lot has changed. For starters, the initialize method still works. But, the new recommended way to start Sanic JWT is to use the new Initialize class as seen above.

Using this class allows you to subclass it and really dive deep into modifying and configuring your project just the way you need it. Want to change the authentication responses? No problem. Want to add some new authentication endpoints? Easy.

One of the bigger changes is that we have enabled a new way to add configuration settings. You can of course continue to set them as recommended by Sanic by making them in all capital letters, and giving it a SANIC_JWT_ prefix.

app.config.SANIC_JWT_ACCESS_TOKEN_NAME = 'mytoken'


Or, you can simply pass your configurations into the Initialize class as keyword arguments.

Initialize(
app,
access_token_name='mytoken'
)


Do you need some more complicated logic, or control? Then perhaps you want to subclass the Configuration class.

class MyConfig(Configuration):
access_token_name='mytoken'
def get_refresh_token_name(self):
return some_crazy_logic_to_get_token_name()

Initialize(
app,
configuration_class=MyConfig
)


The point is, with Version 1, we made the entire package extremely adaptable and extensible for you to get done what you need without making decisions for you.

Have fun, and happy coding.