JWS API

jose.jws.get_unverified_claims(token)

Returns the decoded claims without verification of any kind.

Parameters:token (str) – A signed JWS to decode the headers from.
Returns:The str representation of the token claims.
Return type:str
Raises:JWSError – If there is an exception decoding the token.
jose.jws.get_unverified_header(token)

Returns the decoded headers without verification of any kind.

Parameters:token (str) – A signed JWS to decode the headers from.
Returns:The dict representation of the token headers.
Return type:dict
Raises:JWSError – If there is an exception decoding the token.
jose.jws.get_unverified_headers(token)

Returns the decoded headers without verification of any kind.

This is simply a wrapper of get_unverified_header() for backwards compatibility.

Parameters:token (str) – A signed JWS to decode the headers from.
Returns:The dict representation of the token headers.
Return type:dict
Raises:JWSError – If there is an exception decoding the token.
jose.jws.sign(payload, key, headers=None, algorithm='HS256')

Signs a claims set and returns a JWS string.

Parameters:
  • payload (str) – A string to sign
  • key (str) – The key to use for signing the claim set
  • headers (dict, optional) – A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers.
  • algorithm (str, optional) – The algorithm to use for signing the the claims. Defaults to HS256.
Returns:

The string representation of the header, claims, and signature.

Return type:

str

Raises:

JWSError – If there is an error signing the token.

Examples

>>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256')
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
jose.jws.verify(token, key, algorithms, verify=True)

Verifies a JWS string’s signature.

Parameters:
  • token (str) – A signed JWS to be verified.
  • key (str) – A key to attempt to verify the payload with.
  • algorithms (str or list) – Valid algorithms that should be used to verify the JWS.
Returns:

The str representation of the payload, assuming the signature is valid.

Return type:

str

Raises:

JWSError – If there is an exception verifying a token.

Examples

>>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
>>> jws.verify(token, 'secret', algorithms='HS256')