This section contains the generic implementation of RFC7515. See the JWS Guide for how to use it.
authlib.jose.JsonWebSignature(algorithms, private_headers=None)
REGISTERED_HEADER_PARAMETER_NAMES = frozenset({'x5c', 'jku', 'x5t#S256', 'kid', 'jwk', 'alg', 'crit', 'cty', 'x5u', 'x5t', 'typ'})
Registered Header Parameter Names defined by Section 4.1
JWS_AVAILABLE_ALGORITHMS = {'ES256': <authlib.jose.rfc7518._backends._jws_cryptography.ECAlgorithm object>, 'ES384': <authlib.jose.rfc7518._backends._jws_cryptography.ECAlgorithm object>, 'ES512': <authlib.jose.rfc7518._backends._jws_cryptography.ECAlgorithm object>, 'HS256': <authlib.jose.rfc7518.jws_algorithms.HMACAlgorithm object>, 'HS384': <authlib.jose.rfc7518.jws_algorithms.HMACAlgorithm object>, 'HS512': <authlib.jose.rfc7518.jws_algorithms.HMACAlgorithm object>, 'PS256': <authlib.jose.rfc7518._backends._jws_cryptography.RSAPSSAlgorithm object>, 'PS384': <authlib.jose.rfc7518._backends._jws_cryptography.RSAPSSAlgorithm object>, 'PS512': <authlib.jose.rfc7518._backends._jws_cryptography.RSAPSSAlgorithm object>, 'RS256': <authlib.jose.rfc7518._backends._jws_cryptography.RSAAlgorithm object>, 'RS384': <authlib.jose.rfc7518._backends._jws_cryptography.RSAAlgorithm object>, 'RS512': <authlib.jose.rfc7518._backends._jws_cryptography.RSAAlgorithm object>, 'none': <authlib.jose.rfc7518.jws_algorithms.NoneAlgorithm object>}
Defined available JWS algorithms
serialize_compact(protected, payload, key)
Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per Section 7.1.
BASE64URL(UTF8(JWS Protected Header)) || '.' ||
BASE64URL(JWS Payload) || '.' ||
BASE64URL(JWS Signature)
Parameters: | |
---|---|
Returns: | byte |
deserialize_compact(s, key, decode=None)
Extract JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature and signing input values. Via Section 7.1.
Parameters: | |
---|---|
Returns: | JWSObject |
Raises: | BadSignatureError |
serialize_json(header_obj, payload, key)
Generate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per Section 7.2.
Parameters: | |
---|---|
Returns: | JWSObject |
Example header_obj of JWS JSON Serialization:
{
"protected": {"alg": "HS256"},
"header": {"kid": "jose"}
}
Pass a dict to generate a flattened JSON Serialization; pass a list of header dicts to generate a standard JSON Serialization.
deserialize_json(obj, key, decode=None)
Extract JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. The header will still be validated. Via Section 7.2.
Parameters: | |
---|---|
Returns: | JWSObject |
Raises: | BadSignatureError |
serialize(header, payload, key)
Generate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call serialize_json(), otherwise it will call serialize_compact().
Parameters: | |
---|---|
Returns: | byte/dict |
deserialize(s, key, decode=None)
Deserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS.
Parameters: | |
---|---|
Returns: | dict |
Raises: | BadSignatureError |
If key is not provided, it will still deserialize the serialization without verification.
authlib.jose.JWSHeader(protected, header)
Header object for JWS. It combines the protected header and unprotected header together. JWSHeader itself is a dict of the combined dict, e.g.
>>> from authlib.jose import JWSHeader
>>> protected = {'alg': 'HS256'}
>>> header = {'kid': 'a'}
>>> jws_header = JWSHeader(protected, header)
>>> print(jws_header)
{'alg': 'HS256', 'kid': 'a'}
>>> jws_header.protected == protected
True
>>> jws_header.header == header
True
Parameters: | |
---|---|
authlib.jose.JWSObject(header, payload, type='compact')
A dict instance to represent a JWS object.
authlib.jose.JWSAlgorithm
Interface for JWS algorithm. JWA specification (RFC7518) SHOULD implement the algorithms for JWS with this base implementation.
prepare_private_key(key)
Prepare the key for signing a signature.
prepare_public_key(key)
Prepare the key for verifying a signature.
sign(msg, key)
Sign the text msg with a private/sign key.
Parameters: | |
---|---|
Returns: | bytes |
verify(msg, key, sig)
Verify the signature of text msg with a public/verify key.
Parameters: | |
---|---|
Returns: | boolean |