JWT API
This part of the documentation covers all the interfaces of joserfc.jwt.
- class joserfc.jwt.ClaimsOption
- class joserfc.jwt.ClaimsRegistry(**kwargs: ClaimsOption)
Requesting “claims” for JWT with the given conditions.
- class joserfc.jwt.JWTClaimsRegistry(now: int | None = None, leeway: int = 0, **kwargs: ClaimsOption)
- validate_exp(value: int) → None
The “exp” (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the “exp” claim requires that the current date/time MUST be before the expiration date/time listed in the “exp” claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.
- validate_iat(value: int) → None
The “iat” (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.
- validate_nbf(value: int) → None
The “nbf” (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the “nbf” claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the “nbf” claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.
- class joserfc.jwt.Token(header: dict[str, Any], claims: dict[str, Any])
The extracted token object, which contains header and claims.
- Parameters:
header – the header part of the JWT
claims – the payload part of the JWT
- claims
payload claims in dict
- header
header in dict
- joserfc.jwt.check_sensitive_data(claims: dict[str, Any]) → None
Check if claims contains sensitive information.
- joserfc.jwt.decode(value: bytes | str, key: OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], OctKey | RSAKey | ECKey | OKPKey | KeySet], algorithms: list[str] | None = None, registry: JWSRegistry | JWERegistry | None = None, decoder_cls: Type[JSONDecoder] | None = None) → Token
Decode the JSON Web Token string with the given key, and validate it with the claims requests.
- Parameters:
value – text of the JWT
key – key used to verify the signature
algorithms – a list of allowed algorithms
registry – a JWSRegistry or JWERegistry to use
decoder_cls – A JSONDecoder subclass to use
- Raise:
BadSignatureError
- joserfc.jwt.encode(header: dict[str, Any], claims: dict[str, Any], key: OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], OctKey | RSAKey | ECKey | OKPKey | KeySet], algorithms: list[str] | None = None, registry: JWSRegistry | JWERegistry | None = None, encoder_cls: Type[JSONEncoder] | None = None) → str
Encode a JSON Web Token with the given header, and claims.
- Parameters:
header – A dict of the JWT header
claims – A dict of the JWT claims to be encoded
key – key used to sign the signature
algorithms – a list of allowed algorithms
registry – a JWSRegistry or JWERegistry to use
encoder_cls – A JSONEncoder subclass to use