https://github.com/authlib/joserfc
Implementations of JOSE RFCs in Python
https://github.com/authlib/joserfc
jose jwa jwe jwk jws jwt
Last synced: about 2 months ago
JSON representation
Implementations of JOSE RFCs in Python
- Host: GitHub
- URL: https://github.com/authlib/joserfc
- Owner: authlib
- License: bsd-3-clause
- Created: 2023-02-05T12:55:51.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2025-06-19T06:46:57.000Z (7 months ago)
- Last Synced: 2025-06-19T07:43:18.866Z (7 months ago)
- Topics: jose, jwa, jwe, jwk, jws, jwt
- Language: Python
- Homepage: https://jose.authlib.org
- Size: 1.06 MB
- Stars: 111
- Watchers: 6
- Forks: 13
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Contributing: docs/contributing/authors.rst
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Security: docs/security.rst
Awesome Lists containing this project
README
`joserfc` is a Python library that provides a comprehensive implementation of several essential JSON Object Signing and Encryption (JOSE) standards.
[](https://github.com/authlib/joserfc/actions)
[](https://pypi.org/project/joserfc)
[](https://anaconda.org/conda-forge/joserfc)
[](https://pypistats.org/packages/joserfc)
[](https://codecov.io/gh/authlib/joserfc)
[](https://sonarcloud.io/summary/new_code?id=authlib_joserfc)
[](https://sonarcloud.io/summary/new_code?id=authlib_joserfc)
## Usage
A quick and simple JWT encoding and decoding would look something like this:
```python
from joserfc import jwt
from joserfc.jwk import OctKey
key = OctKey.import_key("secret")
encoded = jwt.encode({"alg": "HS256"}, {"k": "value"}, key)
# 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrIjoidmFsdWUifQ.ni-MJXnZHpFB_8L9P9yllj3RNDfzmD4yBKAyefSctMY'
token = jwt.decode(encoded, key)
print(token.header)
# {'alg': 'HS256', 'typ': 'JWT'}
print(token.claims)
# {'k': 'value'}
# validate claims (if needed)
claims_requests = jwt.JWTClaimsRegistry()
claims_requests.validate(token.claims)
```
## Features
It follows RFCs with extensible API. The module has implementations of:
- RFC7515: [JSON Web Signature](https://jose.authlib.org/en/dev/guide/jws/)
- RFC7516: [JSON Web Encryption](https://jose.authlib.org/en/dev/guide/jwe/)
- RFC7517: [JSON Web Key](https://jose.authlib.org/en/dev/guide/jwk/)
- RFC7518: [JSON Web Algorithms](https://jose.authlib.org/en/dev/guide/algorithms/)
- RFC7519: [JSON Web Token](https://jose.authlib.org/en/dev/guide/jwt/)
- RFC7520: Examples of Protecting Content Using JSON Object Signing and Encryption
- RFC7638: [JSON Web Key (JWK) Thumbprint](https://jose.authlib.org/en/guide/jwk/#thumbprint)
- RFC7797: [JSON Web Signature (JWS) Unencoded Payload Option](https://jose.authlib.org/en/dev/guide/jws/#rfc7797)
- RFC8037: `OKP` Key and `EdDSA` algorithm
- RFC8812: `ES256K` algorithm
- RFC9278: [JWK Thumbprint URI](https://jose.authlib.org/en/guide/jwk/#thumbprint-uri)
- RFC9864: `Ed25519` and `Ed448` algorithms
And draft RFCs implementation of:
- [`C20P` and `XC20P`](https://jose.authlib.org/en/dev/guide/algorithms/#c20p-and-xc20p)
- [Key Agreement with Elliptic Curve Diffie-Hellman One-Pass Unified Model](https://jose.authlib.org/en/dev/guide/algorithms/#ecdh-1pu-algorithms)
- draft-ietf-jose-deprecate-none-rsa15-02
## Useful Links
- Documentation: https://jose.authlib.org/
- Blog: https://blog.authlib.org/.
- Twitter: https://twitter.com/authlib.
## License
2023, Hsiaoming Yang. Under BSD-3 license.