从 Authlib 迁移到 joserfc¶
joserfc
is derived from Authlib and shares similar implementations
of algorithms. However, it is important to note that the APIs are different
between the two libraries. When migrating your code from Authlib to joserfc
,
you will need to update your code to accommodate the new API structure
and functionality.
JWT¶
Migrating JWT (JSON Web Token) operations from Authlib to joserfc
involves
some considerations regarding security design and the allowed algorithms.
jwt.encode¶
The interface for JWT operations in both authlib.jose
and joserfc
is quite similar.
In both libraries, you can encode a JWT using the jwt.encode(header, payload, key)
method.
from authlib.jose import jwt
jwt.encode({"alg": "HS256"}, {"iss": "https://jose.authlib.org"}, "secret")
from joserfc import jwt
from joserfc.jwk import OctKey
key = OctKey.import_key("secret")
jwt.encode({"alg": "HS256"}, {"iss": "https://jose.authlib.org"}, key)
jwt.decode¶
The jwt.decode
method in Authlib and joserfc
behaves differently when it
comes to claims validation.
In Authlib, the jwt.decode
method combines the decoding of the JWT and the
validation of its claims into a single step.
from authlib.jose import jwt
s = '...' # The JWT to decode
# Decode and validate the token's claims
token = jwt.decode(s, key, claims_options)
In joserfc
, the jwt.decode
process is split into two steps: decoding the
token and then separately validating its claims. This approach provides more
flexibility and allows for granular control over the validation process.
from joserfc import jwt
s = '...' # The JWT to decode
token = jwt.decode(s, key)
claims_requests = jwt.JWTClaimsRegistry(
iss={"essential": True, "value": "https://authlib.org"},
)
claims_requests.validate(token.claims)
You can learn more about claims validation on the JSON Web Token guide.
JWS¶
When migrating JWS (JSON Web Signature) operations from Authlib to joserfc
,
follow these steps:
from authlib.jose import JsonWebSignature
jws = JsonWebSignature()
protected = {'alg': 'HS256'}
payload = b"example"
value = jws.serialize_compact(protected, payload, "secret")
jws.deserialize_compact(value, "secret")
from joserfc import jws
from joserfc.jwk import OctKey
key = OctKey.import_key("secret")
protected = {"alg': 'HS256"}
payload = b"example"
value = jws.serialize_compact(protected, payload, key)
jws.deserialize_compact(value, key)
Above is a simple example of using the HS256
algorithm for JWS. If you would like
to explore further and learn more about JWS, we recommend referring to the comprehensive
JSON Web Signature guide.
JWE¶
The method names for JWE serialization and deserialization are different
between Authlib and joserfc
.
In Authlib, the methods for JWE serialization and deserialization are:
.serialize_compact(header, payload, key)
.deserialize_compact(token, key)
from authlib.jose import JsonWebEncryption
jwe = JsonWebEncryption()
jwe.serialize_compact(header, payload, key)
jwe.deserialize_compact(token, key)
In joserfc
, the equivalent methods for JWE serialization and deserialization are:
.encrypt_compact(header, payload, key)
.decrypt_compact(token, key)
from joserfc import jwe
jwe.encrypt_compact(header, payload, key)
jwe.decrypt_compact(token, key)
If you would like to explore further and learn more about JWS, we recommend referring to the comprehensive JSON Web Encryption guide.