JSON Web Key

This section contains the generic implementation of RFC7517.

Guide on JWK

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. An example would help a lot:

  "kty": "EC",
  "crv": "P-256",
  "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
  "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
  "kid": "iss-a"

This is an Elliptic Curve Public Key represented by JSON data structure. How do we dumps a key into JWK, and loads JWK back into key? The interface of JWK contains these two methods.

Algorithms for kty (Key Type) is defined by JSON Web Algorithms. Available kty values are: EC, RSA and oct. Initialize a JWK instance with JWA:

from authlib.specs.rfc7517 import JWK
from authlib.specs.rfc7518 import JWK_ALGORITHMS

jwk = JWK(algorithms=JWK_ALGORITHMS)
key = read_file('public.pem')
obj = jwk.dumps(key, kty='RSA')
# obj is a dict, you may turn it into JSON
key = jwk.loads(obj)

You may pass extra parameters into dumps method, available parameters can be found on RFC7517 Section 4.

API Reference

class authlib.specs.rfc7517.JWK(algorithms)
loads(obj, kid=None)

Loads JSON Web Key object into a public/private key.

  • obj – A JWK (or JWK set) format dict
  • kid – kid of a JWK set


dumps(key, kty=None, **params)

Generate JWK format for the given public/private key.

  • key – A public/private key
  • kty – key type of the key
  • params – Other parameters

JWK dict

class authlib.specs.rfc7517.JWKAlgorithm
name = None

Interface for JWK algorithm. JWA specification (RFC7518) SHOULD implement the algorithms for JWK with this base implementation.


Prepare key before dumping it into JWK.


Load JWK dict object into a public/private key.


Dump a public/private key into JWK dict object.