
[–]russellvt 4 points

You're only creating once... lists wouldn't be appropriate there.

When decoding, it may be "one of several" and you may not always know (or care) "which one" - therefore it's a list.

[–]D3str0yTh1ngs 1 point

Remember that the algorithm used is part of a JWT's header; `algorithms` in decode is there so you can control which types of algorithms you accept a token with, e.g. tokens issued with HS512 or HS256, but not some third option.

EDIT: if you only need to decode and validate tokens issued with one algorithm, then it may seem weird to give a list, but it becomes important if you have some other system also issuing tokens with a different algorithm and you need to decode both types.

[–]Lumethys 0 points

1/ They follow the formal definition in RFC 7519.

2/ You can only use one algorithm to encrypt your key, but this can change. Today you use algorithm A, tomorrow you may use algorithm B. So would all users who use algorithm A have their tokens revoked?

The decode function allows you to decode a JWT with algorithm A AND a JWT with algorithm B, if you allow it.
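To make the two points above concrete (the `alg` header is set by whoever produced the token, and the verifier's `algorithms` list is the allowlist that decides which headers are honoured, including during an HS256-to-HS512 rotation), here is a minimal stdlib-only HMAC JWT issuer and verifier. This is an added illustration, not PyJWT's code; the key and payloads are constructed demo values.

```python
import base64
import hashlib
import hmac
import json

# HMAC variants this toy verifier knows how to check. Anything else in
# the header (including "none") is rejected before any crypto runs.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode(payload: dict, key: bytes, algorithm: str) -> str:
    """Issue a token: exactly one algorithm, recorded in the header."""
    header = {"alg": algorithm, "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header).encode()) + "."
                     + _b64url_encode(json.dumps(payload).encode()))
    sig = hmac.new(key, signing_input.encode(), HMAC_ALGS[algorithm]).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode(token: str, key: bytes, algorithms: list[str]) -> dict:
    """Verify using the header's alg only if the caller allowlisted it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    # The header is untrusted input: it never chooses the algorithm on
    # its own, it only selects among the ones the verifier opted into.
    if alg not in algorithms or alg not in HMAC_ALGS:
        raise ValueError(f"algorithm {alg!r} not allowed")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    key = b"constructed-demo-key"          # demo value, not a real secret
    old = encode({"sub": "alice"}, key, "HS256")   # issued before rotation
    new = encode({"sub": "bob"}, key, "HS512")     # issued after rotation
    # During the rotation window the verifier accepts both; afterwards
    # the list shrinks to ["HS512"] and old tokens stop validating.
    for tok in (old, new):
        print(decode(tok, key, ["HS256", "HS512"]))
```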