RFC7517: JSON Web Key

This section contains the generic implementation of RFC7517.

Guide on JWK

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. An example would help a lot:

  "kty": "EC",
  "crv": "P-256",
  "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
  "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
  "kid": "iss-a"

This is an Elliptic Curve Public Key represented by JSON data structure. How do we dumps a key into JWK, and loads JWK back into key? The interface of JWK contains these two methods.

Algorithms for kty (Key Type) is defined by RFC7518: JSON Web Algorithms. Available kty values are: EC, RSA and oct. Initialize a JWK instance with JWA:

from authlib.specs.rfc7517 import JWK
from authlib.specs.rfc7518 import JWK_ALGORITHMS

jwk = JWK(algorithms=JWK_ALGORITHMS)
key = read_file('public.pem')
obj = jwk.dumps(key, kty='RSA')
# obj is a dict, you may turn it into JSON
key = jwk.loads(obj)

You may pass extra parameters into dumps method, available parameters can be found on RFC7517 Section 4.

API Reference

class authlib.specs.rfc7517.JWK(algorithms)
loads(obj, kid=None)

Loads JSON Web Key object into a public/private key.

  • obj – A JWK (or JWK set) format dict
  • kid – kid of a JWK set


dumps(key, kty=None, **params)

Generate JWK format for the given public/private key.

  • key – A public/private key
  • kty – key type of the key
  • params – Other parameters

JWK dict

class authlib.specs.rfc7517.JWKAlgorithm
name = None

Interface for JWK algorithm. JWA specification (RFC7518) SHOULD implement the algorithms for JWK with this base implementation.


Prepare key before dumping it into JWK.


Load JWK dict object into a public/private key.


Dump a public/private key into JWK dict object.