JWS API

jose.jws.get_unverified_claims(token)

Returns the decoded claims without verification of any kind.

Parameters

token (str) – A signed JWS to decode the headers from.

Returns

The str representation of the token claims.

Return type

str

Raises

JWSError – If there is an exception decoding the token.

jose.jws.get_unverified_header(token)

Returns the decoded headers without verification of any kind.

Parameters

token (str) – A signed JWS to decode the headers from.

Returns

The dict representation of the token headers.

Return type

dict

Raises

JWSError – If there is an exception decoding the token.

jose.jws.get_unverified_headers(token)

Returns the decoded headers without verification of any kind.

This is simply a wrapper of get_unverified_header() for backwards compatibility.

Parameters

token (str) – A signed JWS to decode the headers from.

Returns

The dict representation of the token headers.

Return type

dict

Raises

JWSError – If there is an exception decoding the token.

jose.jws.sign(payload, key, headers=None, algorithm='HS256')

Signs a claims set and returns a JWS string.

Parameters
  • payload (str or dict) – A string to sign

  • key (str or dict) – The key to use for signing the claim set. Can be individual JWK or JWK set.

  • headers (dict, optional) – A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers.

  • algorithm (str, optional) – The algorithm to use for signing the the claims. Defaults to HS256.

Returns

The string representation of the header, claims, and signature.

Return type

str

Raises

JWSError – If there is an error signing the token.

Examples

>>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256')
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
jose.jws.verify(token, key, algorithms, verify=True)

Verifies a JWS string’s signature.

Parameters
  • token (str) – A signed JWS to be verified.

  • key (str or dict) – A key to attempt to verify the payload with. Can be individual JWK or JWK set.

  • algorithms (str or list) – Valid algorithms that should be used to verify the JWS.

Returns

The str representation of the payload, assuming the signature is valid.

Return type

str

Raises

JWSError – If there is an exception verifying a token.

Examples

>>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
>>> jws.verify(token, 'secret', algorithms='HS256')