How to Write a Secure Python Serverless App on AWS Lambda

Tutorial: Build a secure serverless app with Python, Tornado, and AWS Lambda.

You say you assume there is only one key, but if there are more, your code loops through all the keys and effectively uses the last.
Instead of:

    for jwk in jwks['keys']:
        public_key = jwk_from_dict(jwk)

Why not be explicit and use the first one if there is more than one:

    public_key = jwk_from_dict(jwks['keys'][0])

    decoded = instance.decode(token, public_key, False)

I don’t see “instance” defined anywhere.

You probably want to add

    instance = JWT()
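
A way to pick the key that does not depend on its position in the list, as an added example that is not part of the tutorial or of either comment: match the token header's `kid` against the JWKS and fail closed otherwise. `select_jwk`, `b64url_json`, `make_sample_token` and `SAMPLE_JWKS` are hypothetical names, the sample keys are constructed and carry no real key material, and the returned dict is what would then be passed to `jwk_from_dict`.

```python
import base64
import json


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def select_jwk(token, jwks, allowed_algs=("RS256",)):
    """Return the one JWKS entry whose kid matches the token header.

    Raises ValueError (fail closed) on a malformed token, a disallowed
    alg, a missing kid, or zero or several matching keys.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWS")
    try:
        header = b64url_json(parts[0])
    except ValueError as exc:
        raise ValueError("unreadable token header") from exc
    if not isinstance(header, dict):
        raise ValueError("token header is not a JSON object")
    # The header is unauthenticated input: it only selects among keys
    # we already trust, and alg must be on our own allow-list.
    if header.get("alg") not in allowed_algs:
        raise ValueError("algorithm not allowed")
    kid = header.get("kid")
    matches = [k for k in jwks.get("keys", []) if kid and k.get("kid") == kid]
    if len(matches) != 1:
        raise ValueError("expected one key for kid, found %d" % len(matches))
    return matches[0]


def make_sample_token(header):
    """Build a constructed, unsigned token string for the demo only."""
    seg = base64.urlsafe_b64encode(json.dumps(header).encode())
    return seg.rstrip(b"=").decode() + ".e30.c2ln"


# Constructed JWKS: two entries, no real key material (n/e omitted).
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-old"},
                        {"kty": "RSA", "kid": "key-new"}]}

if __name__ == "__main__":
    tok = make_sample_token({"alg": "RS256", "kid": "key-new"})
    print(select_jwk(tok, SAMPLE_JWKS))
```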