File: authlib.rst

package info (click to toggle)
joserfc 1.6.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,468 kB
  • sloc: python: 8,023; makefile: 18
file content (157 lines) | stat: -rw-r--r-- 4,376 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
 
Migrating from Authlib
======================

``joserfc`` is derived from Authlib and shares similar implementations
of algorithms. However, it is important to note that the APIs are different
between the two libraries. When migrating your code from Authlib to ``joserfc``,
you will need to update your code to accommodate the new API structure
and functionality.

JWT
---

Migrating JWT (JSON Web Token) operations from Authlib to ``joserfc`` involves
some considerations regarding security design and the allowed algorithms.

jwt.encode
~~~~~~~~~~

The interface for JWT operations in both ``authlib.jose`` and ``joserfc`` is quite similar.
In both libraries, you can encode a JWT using the ``jwt.encode(header, payload, key)`` method.

.. code-block:: python
    :caption: Authlib

    from authlib.jose import jwt

    jwt.encode({"alg": "HS256"}, {"iss": "https://jose.authlib.org"}, "your-secret-key")


.. code-block:: python
    :caption: joserfc

    from joserfc import jwt
    from joserfc.jwk import OctKey

    key = OctKey.import_key("your-secret-key")
    jwt.encode({"alg": "HS256"}, {"iss": "https://jose.authlib.org"}, key)

jwt.decode
~~~~~~~~~~

The ``jwt.decode`` method in Authlib and ``joserfc`` behaves differently when it
comes to claims validation.

In Authlib, the ``jwt.decode`` method combines the decoding of the JWT and the
validation of its claims into a single step.

.. code-block:: python

    from authlib.jose import jwt

    s = '...'  # The JWT to decode
    # Decode and validate the token's claims
    token = jwt.decode(s, key, claims_options)

In ``joserfc``, the ``jwt.decode`` process is split into two steps: decoding the
token and then separately validating its claims. This approach provides more
flexibility and allows for granular control over the validation process.

.. code-block:: python

    from joserfc import jwt

    s = '...'  # The JWT to decode
    token = jwt.decode(s, key)

    claims_requests = jwt.JWTClaimsRegistry(
        iss={"essential": True, "value": "https://authlib.org"},
    )
    claims_requests.validate(token.claims)

You can learn more about :ref:`claims validation <claims>` on the :ref:`jwt` guide.

JWK
---

When using methods such as ``.as_dict``, ``.as_bytes``, ``.as_pem``, and others,
``joserfc`` uses the parameter name ``private``, whereas ``authlib.jose`` uses
``is_private``:

.. code-block:: python
    :caption: Authlib

    key.as_dict(is_private=True)

.. code-block:: python
    :caption: joserfc

    key.as_dict(private=True)

JWS
---

When migrating JWS (JSON Web Signature) operations from Authlib to ``joserfc``,
follow these steps:

.. code-block:: python
    :caption: Authlib
    :emphasize-lines: 1,2

    from authlib.jose import JsonWebSignature
    jws = JsonWebSignature()

    protected = {'alg': 'HS256'}
    payload = b"example"
    value = jws.serialize_compact(protected, payload, "your-secret-key")
    jws.deserialize_compact(value, "your-secret-key")

.. code-block:: python
    :caption: joserfc

    from joserfc import jws
    from joserfc.jwk import OctKey

    key = OctKey.import_key("your-secret-key")
    protected = {"alg': 'HS256"}
    payload = b"example"
    value = jws.serialize_compact(protected, payload, key)
    jws.deserialize_compact(value, key)

Above is a simple example of using the ``HS256`` algorithm for JWS. If you would like
to explore further and learn more about JWS, we recommend referring to the comprehensive
:ref:`jws` guide.

JWE
---

The method names for JWE serialization and deserialization are different
between Authlib and ``joserfc``.

In Authlib, the methods for JWE serialization and deserialization are:

- ``.serialize_compact(header, payload, key)``
- ``.deserialize_compact(token, key)``

.. code-block:: python

    from authlib.jose import JsonWebEncryption

    jwe = JsonWebEncryption()
    jwe.serialize_compact(header, payload, key)
    jwe.deserialize_compact(token, key)

In ``joserfc``, the equivalent methods for JWE serialization and deserialization are:

- ``.encrypt_compact(header, payload, key)``
- ``.decrypt_compact(token, key)``

.. code-block:: python

    from joserfc import jwe

    jwe.encrypt_compact(header, payload, key)
    jwe.decrypt_compact(token, key)

If you would like to explore further and learn more about JWS, we recommend referring to
the comprehensive :ref:`jwe` guide.