RFC7517: JSON Web Key

This section contains the generic implementation of RFC7517. Find how to use it in JWK Guide.

API Reference

class authlib.jose.JsonWebKey
classmethod generate_key(kty, crv_or_size, options=None, is_private=False)

Generate a Key with the given key type, curve name or bit size.

Parameters
  • kty – string of oct, RSA, EC, OKP

  • crv_or_size – curve name or bit size

  • options – a dict of other options for Key

  • is_private – create a private key or public key

Returns

Key instance

classmethod import_key(raw, options=None)

Import a Key from bytes, string, PEM or dict.

Returns

Key instance

classmethod import_key_set(raw)

Import KeySet from string, dict or a list of keys.

Returns

KeySet instance

class authlib.jose.Key(payload)

This is the base class for a JSON Web Key.

RAW_KEY_CLS

alias of builtins.bytes

get_op_key(operation)

Get the raw key for the given key_op. This method will also check if the given key_op is supported by this key.

Parameters

operation – key operation value, such as “sign”, “encrypt”.

Returns

raw key

check_key_op(operation)

Check if the given key_op is supported by this key.

Parameters

operation – key operation value, such as “sign”, “encrypt”.

Raise

ValueError

as_key()

Represent this key as raw key.

as_dict(add_kid=False)

Represent this key as a dict of the JSON Web Key.

as_json()

Represent this key as a JSON string.

as_pem()

Represent this key as string in PEM format.

thumbprint()

Implementation of RFC7638 JSON Web Key (JWK) Thumbprint.

class authlib.jose.KeySet(keys)

This class represents a JSON Web Key Set.

as_dict()

Represent this key as a dict of the JSON Web Key Set.

as_json()

Represent this key set as a JSON string.

find_by_kid(kid)

Find the key matches the given kid value.

Parameters

kid – A string of kid

Returns

Key instance

Raise

ValueError

class authlib.jose.OctKey(payload)

Key class of the oct key type.

get_op_key(key_op)

Get the raw key for the given key_op. This method will also check if the given key_op is supported by this key.

Parameters

operation – key operation value, such as “sign”, “encrypt”.

Returns

raw key

classmethod import_key(raw, options=None)

Import a key from bytes, string, or dict data.

classmethod generate_key(key_size=256, options=None, is_private=False)

Generate a OctKey with the given bit size.

class authlib.jose.RSAKey(payload)

Key class of the RSA key type.

as_pem(is_private=False, password=None)

Export key into PEM format bytes.

Parameters
  • is_private – export private key or public key

  • password – encrypt private key with password

Returns

bytes

classmethod import_key(raw, options=None)

Import a key from PEM or dict data.

class authlib.jose.ECKey(payload)

Key class of the EC key type.

as_pem(is_private=False, password=None)

Export key into PEM format bytes.

Parameters
  • is_private – export private key or public key

  • password – encrypt private key with password

Returns

bytes

classmethod import_key(raw, options=None)

Import a key from PEM or dict data.