wristband-python-jwt 0.1.0__tar.gz

wristband_python_jwt-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Apitopia, Inc. (dba Wristband)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

wristband_python_jwt-0.1.0/PKG-INFO

@@ -0,0 +1,74 @@
+Metadata-Version: 2.4
+Name: wristband-python-jwt
+Version: 0.1.0
+Summary: Framework-agnostic Python SDK for validating JWT access tokens issued by Wristband.
+Author-email: Wristband <support@wristband.dev>
+License-Expression: MIT
+Project-URL: Homepage, https://wristband.dev
+Project-URL: Repository, https://github.com/wristband-dev/python-jwt
+Project-URL: Documentation, https://docs.wristband.dev
+Keywords: api,auth,authentication,authorization,fastapi,flask,django,jwt,multi-tenant,multi-tenancy,oauth,oidc,sdk,secure,security,sso,validation,wristband
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Operating System :: OS Independent
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Security
+Classifier: Development Status :: 4 - Beta
+Classifier: Framework :: FastAPI
+Classifier: Framework :: Flask
+Classifier: Framework :: Django
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography<45.0.0,>=41.0.0
+Requires-Dist: httpx>=0.24.0
+Provides-Extra: dev
+Requires-Dist: setuptools>=61; extra == "dev"
+Requires-Dist: pytest<9.0.0,>=8.2.0; extra == "dev"
+Requires-Dist: pytest-cov<6.0.0,>=5.0.0; extra == "dev"
+Requires-Dist: pytest-httpx>=0.21.0; extra == "dev"
+Requires-Dist: mypy>=1.10.0; extra == "dev"
+Requires-Dist: flake8<7.0.0,>=6.0.0; extra == "dev"
+Requires-Dist: flake8-pyproject>=1.2.0; extra == "dev"
+Requires-Dist: pip-audit>=2.0.0; extra == "dev"
+Requires-Dist: bandit>=1.7.0; extra == "dev"
+Requires-Dist: build>=0.10.0; extra == "dev"
+Requires-Dist: twine>=4.0.0; extra == "dev"
+Requires-Dist: black>=23.0.0; extra == "dev"
+Requires-Dist: isort>=5.12.0; extra == "dev"
+Dynamic: license-file
+
+# Wristband Framework-Agnostic JWT Validation SDK for Python
+
+Wristband provides enterprise-ready auth that is secure by default, truly multi-tenant, and ungated for small businesses.
+
+- Website: [Wristband Website](https://wristband.dev)
+- Documentation: [Wristband Docs](https://docs.wristband.dev/)
+
+For detailed setup instructions and usage guidelines, visit the project's GitHub repository.
+
+- [Python JWT SDK - GitHub](https://github.com/wristband-dev/python-jwt)
+
+
+## Details
+
+This SDK provides secure JWT validation capabilities for applications using Wristband authentication. It is framework-agnostic and works with FastAPI, Flask, Django, and other Python web frameworks. The SDK follows OWASP security best practices and is supported for Python 3.9+. Key functionalities include:
+
+- Extracting Bearer tokens from HTTP Authorization headers.
+- Validating JWT signatures using Wristband's JWKS endpoint.
+- Verifying token claims including issuer, expiration, and algorithm allowlisting to prevent common JWT vulnerabilities.
+- Automatic JWKS key caching and rotation for optimal performance.
+- Comprehensive error handling with detailed validation messages.
+
+You can learn more about JWTs in Wristband in our documentation:
+
+- [JWTs and Signing Keys](https://docs.wristband.dev/docs/json-web-tokens-jwts-and-signing-keys)
+
+## Questions
+
+Reach out to the Wristband team at <support@wristband.dev> for any questions regarding this SDK.

wristband_python_jwt-0.1.0/README.md

@@ -0,0 +1,405 @@
+<div align="center">
+  <a href="https://wristband.dev">
+    <picture>
+      <img src="https://assets.wristband.dev/images/email_branding_logo_v1.png" alt="Wristband" width="297" height="64">
+    </picture>
+  </a>
+  <p align="center">
+    Enterprise-ready auth that is secure by default, truly multi-tenant, and ungated for small businesses.
+  </p>
+  <p align="center">
+    <b>
+      <a href="https://wristband.dev">Website</a> • 
+      <a href="https://docs.wristband.dev/">Documentation</a>
+    </b>
+  </p>
+</div>
+
+<br/>
+
+---
+
+<br/>
+
+# Wristband JWT Validation SDK for Python
+
+This framework-agnostic Python SDK validates JWT access tokens issued by Wristband for user or machine authentication. It uses the Wristband JWKS endpoint to resolve signing keys and verify RS256 signatures. Validation includes issuer verification, lifetime checks, and signature validation using cached keys. Developers should use this to protect routes and ensure that only valid, Wristband-issued access tokens can access secured APIs.
+
+You can learn more about JWTs in Wristband in our documentation:
+
+- [JWTs and Signing Keys](https://docs.wristband.dev/docs/json-web-tokens-jwts-and-signing-keys)
+
+<br/>
+
+## Requirements
+
+This SDK is designed to work with Python 3.9+ and any Python framework (FastAPI, Django, Flask, etc.). It uses minimal dependencies for maximum compatibility and security.
+
+<br/>
+
+## 1) Installation
+
+```bash
+pip install wristband-python-jwt
+```
+
+or
+
+```bash
+poetry add wristband-python-jwt
+```
+
+or
+
+```bash
+pipenv install wristband-python-jwt
+```
+
+You should see the dependency added to your `requirements.txt` file:
+
+```txt
+wristband-python-jwt==0.1.0
+```
+
+Or in your `pyproject.toml`:
+
+```txt
+dependencies = [
+    "wristband-python-jwt==0.1.0",
+    # ...other dependencies...
+]
+```
+
+Or in your `Pipfile`:
+```txt
+[packages]
+wristband-python-jwt = "==0.1.0"
+```
+
+<br/>
+
+## 2) Wristband Configuration
+
+First, you'll need to make sure you have an Application in your Wristband Dashboard account. If you haven't done so yet, refer to our docs on [Creating an Application](https://docs.wristband.dev/docs/quick-start-create-a-wristband-application).
+
+**Make sure to copy the Application Vanity Domain for next steps, which can be found in "Application Settings" for your Wristband Application.**
+
+<br/>
+
+## 3) SDK Configuration
+
+First, create an instance of `WristbandJwtValidator` in your server's directory structure in any location of your choice (i.e.: `src/wristband.py`). Then, you can export this instance and use it across your project. When creating an instance, you provide all necessary configurations for your application to correlate with how you've set it up in Wristband.
+
+```python
+# src/wristband.py
+from wristband.python_jwt import create_wristband_jwt_validator, WristbandJwtValidatorConfig
+
+wristband_jwt_validator = create_wristband_jwt_validator(
+    WristbandJwtValidatorConfig(
+        wristband_application_vanity_domain='auth.yourapp.io'
+    )
+)
+```
+
+<br/>
+
+## 4) Extract and Validate JWT Tokens
+
+The SDK provides methods to extract Bearer tokens from Authorization headers and validate them. Here are examples for a few frameworks:
+
+### FastAPI
+
+```python
+# jwt_auth_middleware.py
+from fastapi import Request, Response, status
+from starlette.middleware.base import BaseHTTPMiddleware
+from .wristband import wristband_jwt_validator
+
+class JwtAuthMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        # Adjust paths as needed
+        if not request.url.path.startswith('/api/protected/'):
+            return await call_next(request)
+        
+        try:
+            auth_header = request.headers.get("authorization")
+            token = wristband_jwt_validator.extract_bearer_token(auth_header)
+            result = wristband_jwt_validator.validate(token)
+            
+            if not result.is_valid:
+                print(f"JWT validation middleware error: {result.error_message}")
+                return Response(status_code=status.HTTP_401_UNAUTHORIZED)
+            
+            return await call_next(request)
+            
+        except Exception as error:
+            print(f"JWT validation middleware error: {error}")
+            return Response(status_code=status.HTTP_401_UNAUTHORIZED)
+
+# main.py
+from fastapi import FastAPI, Request
+from .middleware import JwtAuthMiddleware
+
+app = FastAPI()
+
+# Add JWT authentication middleware
+app.add_middleware(JwtAuthMiddleware)
+
+@app.get("/api/protected/data")
+async def protected_data(request: Request):
+    return { "message": "Hello from protected API!" }
+```
+
+<br/>
+
+### Django
+
+```python
+# your_app/jwt_auth_middleware.py
+from django.http import HttpResponse
+from django.utils.deprecation import MiddlewareMixin
+from .wristband import wristband_jwt_validator
+
+class JwtAuthMiddleware(MiddlewareMixin):
+    def process_request(self, request):
+        # Adjust paths as needed
+        if not request.path.startswith('/api/protected/'):
+            return None
+            
+        try:
+            auth_header = request.META.get('HTTP_AUTHORIZATION')
+            token = wristband_jwt_validator.extract_bearer_token(auth_header)
+            result = wristband_jwt_validator.validate(token)
+            
+            if not result.is_valid:
+                print(f"JWT validation middleware error: {result.error_message}")
+                return HttpResponse(status=401)
+
+        except Exception as error:
+            print(f"JWT validation middleware error: {error}")
+            return HttpResponse(status=401)
+
+# your_project/settings.py
+MIDDLEWARE = [
+    # ...other middlewares...
+    'your_app.middleware.JwtAuthMiddleware',  # Add your JWT middleware
+]
+
+# your_project/urls.py
+from django.contrib import admin
+from django.urls import path
+from your_app import views
+
+urlpatterns = [
+    # The JWT middleware will execute before the business logic occurs.
+    path('api/protected/data/', views.protected_view, name='protected_data'),
+    # ...other URLs...
+]
+```
+
+<br/>
+
+### Flask
+
+```python
+# jwt_auth_middleware.py
+from flask import request, jsonify, g
+from functools import wraps
+from .wristband import wristband_jwt_validator
+
+def jwt_auth_middleware():
+    # Adjust paths as needed
+    if not request.path.startswith('/api/protected/'):
+        return None
+        
+    try:
+        auth_header = request.headers.get('Authorization')
+        token = wristband_jwt_validator.extract_bearer_token(auth_header)
+        result = wristband_jwt_validator.validate(token)
+        
+        if not result.is_valid:
+            print(f"JWT validation middleware error: {result.error_message}")
+            return '', 401
+
+    except Exception as error:
+        print(f"JWT validation middleware error: {error}")
+        return '', 401
+
+# app.py
+from flask import Flask, jsonify
+from .middleware import jwt_auth_middleware
+
+app = Flask(__name__)
+
+# Register JWT middleware to run before each request
+app.before_request(jwt_auth_middleware)
+
+@app.route('/api/protected/data', methods=['GET'])
+def protected_data():
+    return jsonify({"message": "Hello from protected API!"})
+
+if __name__ == '__main__':
+    app.run(debug=True)
+```
+
+<br/>
+
+## JWKS Caching and Expiration
+
+The SDK automatically retrieves and caches JSON Web Key Sets (JWKS) from your Wristband application's domain to validate incoming access tokens. By default, keys are cached in memory and reused across requests to avoid unnecessary network calls.
+
+You can control how the SDK handles this caching behavior using two optional configuration values: `jwks_cache_max_size` and `jwks_cache_ttl`.
+
+**Set a limit on how many keys to keep in memory:**
+```python
+validator = create_wristband_jwt_validator(
+    WristbandJwtValidatorConfig(
+        wristband_application_vanity_domain='auth.yourapp.io',
+        jwks_cache_max_size=10  # Keep at most 10 keys in cache
+    )
+)
+```
+
+**Set a time-to-live duration for each key:**
+```python
+validator = create_wristband_jwt_validator(
+    WristbandJwtValidatorConfig(
+        wristband_application_vanity_domain='auth.yourapp.io',
+        jwks_cache_ttl=2629746000  # Expire keys from cache after 1 month (in milliseconds)
+    )
+)
+```
+
+If `jwks_cache_ttl` is not set, cached keys remain available until evicted by the cache size limit.
+
+<br>
+
+## SDK Configuration Options
+
+| JWT Validation Option | Type | Required | Description |
+| --------------------- | ---- | -------- | ----------- |
+| jwks_cache_max_size | int | No | Maximum number of JWKs to cache in memory. When exceeded, the least recently used keys are evicted. Defaults to 20. |
+| jwks_cache_ttl | int | No | Time-to-live for cached JWKs, in milliseconds. If not set, keys remain in cache until eviction by size limit. |
+| wristband_application_vanity_domain | str | Yes | The Wristband vanity domain used to construct the JWKS endpoint URL for verifying tokens. Example: `myapp.wristband.dev`. |
+
+<br/>
+
+## API Reference
+
+### `create_wristband_jwt_validator(config)`
+
+This is a factory function that creates a configured JWT validator instance.
+
+**Parameters:**
+| Name | Type | Required | Description |
+| ---- | ---- | -------- | ----------- |
+| config | `WristbandJwtValidatorConfig` | Yes | Configuration options (see [SDK Configuration Options](#sdk-configuration-options)) |
+
+**Returns:**
+- The configured `WristbandJwtValidator` instance
+
+**Example:**
+```python
+validator = create_wristband_jwt_validator(
+    WristbandJwtValidatorConfig(
+        wristband_application_vanity_domain='myapp.wristband.dev',
+        jwks_cache_max_size=20,
+        jwks_cache_ttl=3600000
+    )
+)
+```
+
+<br/>
+
+### `extract_bearer_token(authorization_header)`
+
+This is used to extract the raw Bearer token from an HTTP Authorization header. It can handle various input formats and validates the Bearer scheme according to [RFC 6750](https://datatracker.ietf.org/doc/html/rfc6750).
+
+The function will raise an error for the following cases:
+- The Authorization header is missing
+- The Authorization header is malformed
+- The Authorization header contains multiple entries
+- The Authorization header uses wrong scheme (i.e. not using `Bearer`)
+- The Authorization header is missing the token value
+
+**Parameters:**
+| Name | Type | Required | Description |
+| ---- | ---- | -------- | ----------- |
+| authorization_header | str or list[str] | Yes | The Authorization header value(s) of the current request. |
+
+**Returns:**
+| Type | Description |
+| ---- | ----------- |
+| str | The extracted Bearer token |
+
+**Valid usage examples:**
+```python
+token1 = wristband_jwt_validator.extract_bearer_token('Bearer abc123')
+token2 = wristband_jwt_validator.extract_bearer_token(['Bearer abc123'])
+# From FastAPI request
+token3 = wristband_jwt_validator.extract_bearer_token(request.headers.get('authorization'))
+# From Django request
+token4 = wristband_jwt_validator.extract_bearer_token(request.META.get('HTTP_AUTHORIZATION'))
+```
+
+**Invalid cases that raise errors:**
+```python
+wristband_jwt_validator.extract_bearer_token(['Bearer abc', 'Bearer xyz'])
+wristband_jwt_validator.extract_bearer_token([])
+wristband_jwt_validator.extract_bearer_token('Basic abc123')
+wristband_jwt_validator.extract_bearer_token('Bearer ')
+```
+
+### `validate(token)`
+
+Validates a JWT access token issued by Wristband. Performs comprehensive validation including format checking, signature verification, issuer validation, and expiration checks.
+
+**Parameters:**
+| Name | Type | Required | Description |
+| ---- | ---- | -------- | ----------- |
+| token | str | Yes | The Wristband JWT token to validate. |
+
+**Returns:**
+| Type | Description |
+| ---- | ----------- |
+| `JwtValidationResult` | Validation result object. |
+
+JwtValidationResult attributes:
+```python
+class JwtValidationResult:
+    is_valid: bool
+    payload: Optional[JWTPayload]     # Present when is_valid is True
+    error_message: Optional[str]      # Present when is_valid is False
+```
+
+JWTPayload properties:
+```python
+class JWTPayload:
+    iss: Optional[str]                    # Issuer
+    sub: Optional[str]                    # Subject (user ID)
+    aud: Optional[Union[str, List[str]]]  # Audience
+    exp: Optional[int]                    # Expiration time (Unix timestamp)
+    nbf: Optional[int]                    # Not before (Unix timestamp)
+    iat: Optional[int]                    # Issued at (Unix timestamp)
+    jti: Optional[str]                    # JWT ID
+    # ... plus any additional Wristband custom claims...
+```
+
+**Valid usage examples:**
+```python
+result = validator.validate(token)
+
+if result.is_valid:
+    print('User ID:', result.payload.sub)
+    print('Expires at:', datetime.fromtimestamp(result.payload.exp))
+else:
+    print('Validation failed:', result.error_message)
+```
+
+<br/>
+
+## Questions
+
+Reach out to the Wristband team at <support@wristband.dev> for any questions regarding this SDK.
+
+<br/>

wristband_python_jwt-0.1.0/README_PYPI.md

@@ -0,0 +1,29 @@
+# Wristband Framework-Agnostic JWT Validation SDK for Python
+
+Wristband provides enterprise-ready auth that is secure by default, truly multi-tenant, and ungated for small businesses.
+
+- Website: [Wristband Website](https://wristband.dev)
+- Documentation: [Wristband Docs](https://docs.wristband.dev/)
+
+For detailed setup instructions and usage guidelines, visit the project's GitHub repository.
+
+- [Python JWT SDK - GitHub](https://github.com/wristband-dev/python-jwt)
+
+
+## Details
+
+This SDK provides secure JWT validation capabilities for applications using Wristband authentication. It is framework-agnostic and works with FastAPI, Flask, Django, and other Python web frameworks. The SDK follows OWASP security best practices and is supported for Python 3.9+. Key functionalities include:
+
+- Extracting Bearer tokens from HTTP Authorization headers.
+- Validating JWT signatures using Wristband's JWKS endpoint.
+- Verifying token claims including issuer, expiration, and algorithm allowlisting to prevent common JWT vulnerabilities.
+- Automatic JWKS key caching and rotation for optimal performance.
+- Comprehensive error handling with detailed validation messages.
+
+You can learn more about JWTs in Wristband in our documentation:
+
+- [JWTs and Signing Keys](https://docs.wristband.dev/docs/json-web-tokens-jwts-and-signing-keys)
+
+## Questions
+
+Reach out to the Wristband team at <support@wristband.dev> for any questions regarding this SDK.

wristband_python_jwt-0.1.0/pyproject.toml

@@ -0,0 +1,115 @@
+[build-system]
+requires = ["setuptools>=61"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "wristband-python-jwt"
+version = "0.1.0"
+description = "Framework-agnostic Python SDK for validating JWT access tokens issued by Wristband."
+readme = "README_PYPI.md"
+license = "MIT"
+authors = [
+    {name = "Wristband", email = "support@wristband.dev"},
+]
+requires-python = ">=3.9"
+dependencies = [
+    "cryptography>=41.0.0,<45.0.0",
+    "httpx>=0.24.0",
+]
+keywords = [
+    "api",
+    "auth",
+    "authentication",
+    "authorization",
+    "fastapi",
+    "flask",
+    "django",
+    "jwt",
+    "multi-tenant",
+    "multi-tenancy",
+    "oauth",
+    "oidc",
+    "sdk",
+    "secure",
+    "security",
+    "sso",
+    "validation",
+    "wristband"
+]
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Operating System :: OS Independent",
+    "Intended Audience :: Developers",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+    "Topic :: Security",
+    "Development Status :: 4 - Beta",
+    "Framework :: FastAPI",
+    "Framework :: Flask",
+    "Framework :: Django",
+]
+
+[project.optional-dependencies]
+dev = [
+    "setuptools>=61",
+    "pytest>=8.2.0,<9.0.0",
+    "pytest-cov>=5.0.0,<6.0.0",
+    "pytest-httpx>=0.21.0",
+    "mypy>=1.10.0",
+    "flake8>=6.0.0,<7.0.0",
+    "flake8-pyproject>=1.2.0",
+    "pip-audit>=2.0.0",
+    "bandit>=1.7.0",
+    "build>=0.10.0",
+    "twine>=4.0.0",
+    "black>=23.0.0",
+    "isort>=5.12.0",
+]
+
+[project.urls]
+"Homepage" = "https://wristband.dev"
+"Repository" = "https://github.com/wristband-dev/python-jwt"
+"Documentation" = "https://docs.wristband.dev"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.setuptools.package-dir]
+"" = "src"
+
+[tool.setuptools.package-data]
+"wristband" = ["py.typed"]
+
+[tool.pytest.ini_options]
+pythonpath = ["src"]
+minversion = "8.0"
+addopts = "-ra -q --strict-markers --strict-config"
+testpaths = ["tests"]
+
+[tool.flake8]
+max-line-length = 120
+extend-ignore = ["E203", "W503"]
+
+[tool.mypy]
+python_version = "3.9"
+strict = true
+warn_return_any = true
+warn_unused_configs = true
+disallow_untyped_defs = true
+exclude = ["tests/"]
+
+[tool.black]
+line-length = 120
+target-version = ['py39']
+
+[tool.isort]
+profile = "black"
+line_length = 120
+
+[tool.coverage.run]
+source = ["src"]
+omit = ["tests/*"]

wristband_python_jwt-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

wristband_python_jwt-0.1.0/src/wristband/python_jwt/__init__.py

@@ -0,0 +1,46 @@
+"""
+Wristband JWT Validation SDK for Python.
+
+Framework-agnostic Python SDK for validating JWT access tokens issued by Wristband
+for user or machine authentication. Uses the Wristband JWKS endpoint to resolve
+signing keys and verify RS256 signatures.
+
+Example:
+    ```python
+    from wristband.python_jwt import create_wristband_jwt_validator, WristbandJwtValidatorConfig
+
+    # Create validator instance (reuse across requests)
+    validator = create_wristband_jwt_validator(
+        WristbandJwtValidatorConfig(wristband_application_vanity_domain='myapp.wristband.dev')
+    )
+
+    # Extract and validate token
+    def verify_token(authorization_header):
+        try:
+            token = validator.extract_bearer_token(authorization_header)
+            result = await validator.validate(token)
+
+            if result.is_valid:
+                return result.payload
+            else:
+                raise ValueError(result.error_message)
+        except Exception as error:
+            raise ValueError(f"Authentication failed: {error}")
+    ```
+"""
+
+from .models import (
+    JWTPayload,
+    JwtValidationResult,
+    WristbandJwtValidator,
+    WristbandJwtValidatorConfig,
+)
+from .validator import create_wristband_jwt_validator
+
+__all__ = [
+    "WristbandJwtValidator",
+    "WristbandJwtValidatorConfig",
+    "JWTPayload",
+    "JwtValidationResult",
+    "create_wristband_jwt_validator",
+]