RFC 7515#
RFC7515 defines JSON Web Signature (JWS), a specification for representing digitally signed or MAC-protected content using JSON-based data structures.
Definition#
RFC 7515 specifies the complete framework for creating and validating JSON Web Signatures. The specification includes:
JWS Header#
The JWS Header is a set of metadata that describes how the JWS object is constructed and verified. RFC 7515 defines a registry of header parameters, including:
alg— the algorithm used to generate the signature or MAC (required)jwk/jku— a JSON Web Key or URL pointing to a key setkid— a key identifier that helps recipients select the correct keytypandcty— type and content-type hintscrit— a list of critical header parameters that must be understood by the verifier
The header must be encoded as a Base64URL-encoded JSON object when used in compact serialization, and may appear as either a protected or unprotected header in JSON serialization.
Compact Serialization#
The compact serialization format represents a JWS as a single, period-separated string consisting of three parts:
<protected-header>.<payload>.<signature>
Each part is Base64URL-encoded. This format is designed to be:
minimal and URL-safe
suitable for HTTP headers, query parameters, and tokens such as JWT
Compact serialization supports exactly one signature, with no unprotected headers.
JSON Serialization#
JSON serialization uses a structured JSON object to represent a JWS. It is designed for use cases that require more flexibility than the compact form. A JSON-serialized JWS can include:
multiple signatures over the same payload
both protected and unprotected headers
richer metadata, such as per-signature header values
The primary fields defined in RFC 7515 are:
payload— the Base64URL-encoded contentsignatures— an array of signature objects, each containing: -protected— a Base64URL-encoded header -header— an unprotected header (optional) -signature— the Base64URL-encoded signature value
JSON serialization is not intended for compact transmission but is ideal for multi-party signing, debugging, and more expressive JOSE workflows.
Implementation#
All features defined in RFC 7515 are fully implemented in joserfc.
Private modules#
The source code resides in the private module joserfc/_rfc7515:
JWS algorithms base models
JWS algorithm registry
Compact Serialization
JSON Serialization
Public exports#
You should always interact with JWS functionality via joserfc.jws, rather
than importing from the private module directly.
joserfc.jws.serialize_compact(): Construct JWS compact serialization.joserfc.jws.deserialize_compact(): Parse JWS compact serialization.joserfc.jws.serialize_json(): Construct JWS JSON serialization.joserfc.jws.deserialize_json(): Parse JWS JSON serialization.