JWT API#
文档的这一部分涵盖了 joserfc.jwt 的所有接口。
- class joserfc.jwt.BaseClaimsRegistry(**kwargs: ClaimsOption)#
Requesting "claims" for JWT with the given conditions.
- check_value(claim_name: str, value: Any) None#
Validates a given claim value based on predefined options.
- 参数:
claim_name -- The name of the claim to validate.
value -- 要验证的声明值。
- 抛出:
InvalidClaimError -- If the value does not meet the claim's validation requirements.
- property essential_keys: set[str]#
Returns the essential claim names.
- validate(claims: dict[str, Any]) None#
Validates the provided claims against specified requirements and checks.
- 参数:
claims -- A dictionary containing claims to validate.
- 抛出:
InvalidClaimError -- Raised if any claim fails validation.
MissingClaimError -- Raised if one or more essential keys are missing.
- class joserfc.jwt.ClaimsOption#
- class joserfc.jwt.JWTClaimsRegistry(now: int | Callable[[], int] | None = None, leeway: int = 0, **kwargs: ClaimsOption)#
A claims registry for validating JWT claims.
- 参数:
now -- timestamp of "now" time
leeway -- leeway time in seconds
kwargs -- claims options
- property now: int#
Returns the current timestamp.
- validate_aud(value: str | list[str]) None#
The "aud" (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected. In the general case, the "aud" value is an array of case- sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value. The interpretation of audience values is generally application specific. Use of this claim is OPTIONAL.
- validate_exp(value: int) None#
“exp”(到期时间)声明标识 JWT 必须在或之后的到期时间。处理“exp”声明要求当前日期/时间必须早于“exp”声明中列出的到期日期/时间。实现者可以提供一些小的余地,通常不超过几分钟,以考虑时钟偏差。其值必须是包含 NumericDate 值的数字。使用此声明是可选的。
- validate_iat(value: int) None#
“iat”(签发时间)声明标识 JWT 的签发时间。此声明可用于确定 JWT 的年龄。其值必须是包含 NumericDate 值的数字。使用此声明是可选的。
- validate_iss(value: str) None#
The "iss" (issuer) claim identifies the principal that issued the JWT. The processing of this claim is generally application specific. The "iss" value is a case-sensitive string containing a StringOrURI value. Use of this claim is OPTIONAL.
- validate_nbf(value: int) None#
“nbf”(不早于)声明标识 JWT 必须在之前的时间。处理“nbf”声明要求当前日期/时间必须晚于或等于“nbf”声明中列出的不早于日期/时间。实现者可以提供一些小的余地,通常不超过几分钟,以考虑时钟偏差。其值必须是包含 NumericDate 值的数字。使用此声明是可选的。
- validate_sub(value: str) None#
The "sub" (subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique. The processing of this claim is generally application specific. The "sub" value is a case-sensitive string containing a StringOrURI value. Use of this claim is OPTIONAL.
- class joserfc.jwt.Token(header: dict[str, Any], claims: dict[str, Any])#
提取的 Token 对象,包含
header和claims。- 参数:
header -- JWT 的 header 部分
claims -- JWT 的有效载荷 (payload) 部分
- claims#
字典形式的有效载荷 (payload) 声明 (claims)
- header#
字典形式的 header
- joserfc.jwt.check_sensitive_data(claims: dict[str, Any]) None#
Checks for sensitive data within a dictionary of claims and raises an error if any sensitive names or values are detected.
- 参数:
claims -- JWT claims to check for sensitive data
- 抛出:
InsecureClaimError -- if any sensitive names or values are detected
- joserfc.jwt.decode(value: bytes | str, key: OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], OctKey | RSAKey | ECKey | OKPKey | KeySet], algorithms: Collection[str] | None = None, registry: JWSRegistry | JWERegistry | None = None, decoder_cls: type[JSONDecoder] | None = None) Token#
使用给定的密钥解码 JSON Web Token 字符串,并使用声明请求进行验证。
- 参数:
value -- JWT 的文本
key -- 用于验证签名的密钥
algorithms -- a collection (list, tuple, or set) of allowed algorithms
registry -- 要使用的
JWSRegistry或JWERegistrydecoder_cls -- A JSONDecoder subclass to use
- 抛出:
BadSignatureError -- when signature verification fails
InvalidPayloadError -- 当载荷(payload)不是有效的 JSON 对象
- joserfc.jwt.encode(header: dict[str, Any], claims: dict[str, Any], key: OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], OctKey | RSAKey | ECKey | OKPKey | KeySet], algorithms: Collection[str] | None = None, registry: JWSRegistry | JWERegistry | None = None, encoder_cls: type[JSONEncoder] | None = None, default_type: str | None = 'JWT') str#
使用给定的 header 和声明 (claims) 编码 JSON Web Token。
- 参数:
header -- 字典形式的 JWT header 部分
claims -- 用来编码的字典形式的 JWT claims 部分
key -- 用于签名的密钥
algorithms -- a collection (list, tuple, or set) of allowed algorithms
registry -- 要使用的
JWSRegistry或JWERegistryencoder_cls -- 要使用的 JSONEncoder 子类
default_type -- default value of the
typheader parameter