RFC7517: JSON Web Key

This section contains the generic implementation of RFC7517. Find how to use it in JWK Guide.

API Reference

class authlib.jose.JsonWebKey
classmethod generate_key(kty, crv_or_size, options=None, is_private=False)

Generate a Key with the given key type, curve name or bit size.

Parameters:
  • kty – string of oct, RSA, EC, OKP
  • crv_or_size – curve name or bit size
  • options – a dict of other options for Key
  • is_private – create a private key or public key
Returns:

Key instance

classmethod import_key(raw, options=None)

Import a Key from bytes, string, PEM or dict.

Returns:Key instance
classmethod import_key_set(raw)

Import KeySet from string, dict or a list of keys.

Returns:KeySet instance
class authlib.jose.Key(payload)

This is the base class for a JSON Web Key.

RAW_KEY_CLS

alias of builtins.bytes

get_op_key(operation)

Get the raw key for the given key_op. This method will also check if the given key_op is supported by this key.

Parameters:operation – key operation value, such as “sign”, “encrypt”.
Returns:raw key
check_key_op(operation)

Check if the given key_op is supported by this key.

Parameters:operation – key operation value, such as “sign”, “encrypt”.
Raise:ValueError
as_key()

Represent this key as raw key.

as_dict(add_kid=False)

Represent this key as a dict of the JSON Web Key.

as_json()

Represent this key as a JSON string.

as_pem()

Represent this key as string in PEM format.

thumbprint()

Implementation of RFC7638 JSON Web Key (JWK) Thumbprint.

class authlib.jose.KeySet(keys)

This class represents a JSON Web Key Set.

as_dict()

Represent this key as a dict of the JSON Web Key Set.

as_json()

Represent this key set as a JSON string.

find_by_kid(kid)

Find the key matches the given kid value.

Parameters:kid – A string of kid
Returns:Key instance
Raise:ValueError
class authlib.jose.OctKey(payload)

Key class of the oct key type.

get_op_key(key_op)

Get the raw key for the given key_op. This method will also check if the given key_op is supported by this key.

Parameters:operation – key operation value, such as “sign”, “encrypt”.
Returns:raw key
classmethod import_key(raw, options=None)

Import a key from bytes, string, or dict data.

classmethod generate_key(key_size=256, options=None, is_private=False)

Generate a OctKey with the given bit size.

class authlib.jose.RSAKey(payload)

Key class of the RSA key type.

as_pem(is_private=False, password=None)

Export key into PEM format bytes.

Parameters:
  • is_private – export private key or public key
  • password – encrypt private key with password
Returns:

bytes

classmethod import_key(raw, options=None)

Import a key from PEM or dict data.

class authlib.jose.ECKey(payload)

Key class of the EC key type.

as_pem(is_private=False, password=None)

Export key into PEM format bytes.

Parameters:
  • is_private – export private key or public key
  • password – encrypt private key with password
Returns:

bytes

classmethod import_key(raw, options=None)

Import a key from PEM or dict data.