JWT API¶
This part of the documentation covers all the interfaces of joserfc.jwt
.
- class joserfc.jwt.ClaimsOption¶
- class joserfc.jwt.JWTClaimsRegistry(now: int | None = None, leeway: int = 0, **kwargs: ClaimsOption)¶
- validate_aud(value: str | list[str]) None ¶
The "aud" (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected. In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value. The interpretation of audience values is generally application specific. Use of this claim is OPTIONAL.
- validate_exp(value: int) None ¶
The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the "exp" claim requires that the current date/time MUST be before the expiration date/time listed in the "exp" claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.
- validate_iat(value: int) None ¶
The "iat" (issued at) claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.
- validate_nbf(value: int) None ¶
The "nbf" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the "nbf" claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the "nbf" claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value MUST be a number containing a NumericDate value. Use of this claim is OPTIONAL.
- class joserfc.jwt.Token(header: Dict[str, Any], claims: Dict[str, Any])¶
The extracted token object, which contains
header
andclaims
.- 参数:
header -- the header part of the JWT
claims -- the payload part of the JWT
- claims¶
payload claims in dict
- header¶
header in dict
- joserfc.jwt.check_sensitive_data(claims: Dict[str, Any]) None ¶
Check if claims contains sensitive information.
- joserfc.jwt.decode(value: bytes | str, key: str | bytes | OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], str | bytes | OctKey | RSAKey | ECKey | OKPKey | KeySet], algorithms: list[str] | None = None, registry: JWSRegistry | JWERegistry | None = None) Token ¶
Decode the JSON Web Token string with the given key, and validate it with the claims requests.
- 参数:
value -- text of the JWT
key -- key used to verify the signature
algorithms -- a list of allowed algorithms
registry -- a
JWSRegistry
orJWERegistry
to use
- Raise:
BadSignatureError
- joserfc.jwt.encode(header: Dict[str, Any], claims: Dict[str, Any], key: str | bytes | OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], str | bytes | OctKey | RSAKey | ECKey | OKPKey | KeySet], algorithms: list[str] | None = None, registry: JWSRegistry | JWERegistry | None = None) str ¶
Encode a JSON Web Token with the given header, and claims.
- 参数:
header -- A dict of the JWT header
claims -- A dict of the JWT claims to be encoded
key -- key used to sign the signature
algorithms -- a list of allowed algorithms
registry -- a
JWSRegistry
orJWERegistry
to use