reshut.utils

keygen(algorithm, key_size=None)

Generates a key for the specified algorithm.

Parameters:
  • algorithm (Algorithm) – The algorithm to use.

  • key_size (Optional[int]) – If provided, overrides the size of the generated key(s), in bits, if supported by the algorithm. Typically you would not do this.

Raises:

NotImplementedError – Raised when an unsupported algorithm is specified.

Return type:

Union[RsaJwk, EcJwk, OkpJwk, OctetJwk]

Returns:

A JWK representing the generated key.

tokenize(key, claims, *, audience=None, issuer=None, subject=None, expiry=None, not_before=None, issued_at=None, token_id=None)

Tokenize the provided claims into a signed JWT. Standard JWT claims can optionally be passed as keyword arguments, in which case they are injected on top of any existing entries in claims.

Parameters:
  • key – The private key (or secret) used for signing.

  • claims (dict[str, Any]) – The claims to be tokenized.

  • audience (Union[str, list[str], None]) – Optional aud claim - a string or list of strings.

  • issuer (Optional[str]) – Optional iss claim.

  • subject (Optional[str]) – Optional sub claim.

  • expiry (Optional[int]) – Optional exp claim (unix timestamp).

  • not_before (Optional[int]) – Optional nbf claim (unix timestamp).

  • issued_at (Optional[int]) – Optional iat claim (unix timestamp). If omitted and not present in claims, the current UTC time is used.

  • token_id (Optional[str]) – Optional jti claim.

Return type:

str

Returns:

The claims encoded as a compact-serialization JWT.

Raises:

Exception – If an error occurs while creating the token.

validate(key, token, *, enforce=True, audience=None, issuer=None, subject=None)

Verify a token and return the contained claims.

If “standard claims” are provided as args, the function also checks that those claims match.

Other standard claims such as nbf and exp are automatically enforced unless enforce=False is specified.

Parameters:
  • key – The public key (or secret) used for verification.

  • token (str) – The compact-serialization JWT string to be validated.

  • enforce (bool) – Indicates that “standard claims enforcement” should be performed, for example that the token is not accepted before the time indicated by nbf or that exp is not in the past.

  • audience (Optional[str]) – Expected aud claim. Omit to skip validating aud claim.

  • issuer (Optional[str]) – Expected iss claim. Omit to skip validating iss claim.

  • subject (Optional[str]) – Expected sub claim. Omit to skip validating sub claim.

Return type:

dict[str, Any]

Returns:

The decoded claims (as a dict).

Raises:

Exception – If the token is invalid, fails standards-enforcement, or claims do not match expected values.
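
The checks documented for tokenize and validate, shown as an added standard-library sketch that is not reshut's own code. It is limited to HS256 with a shared secret; the names sketch_tokenize and sketch_validate and the now parameter are hypothetical, and it assumes keyword arguments replace same-named entries in claims.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sketch_tokenize(secret, claims, *, audience=None, issuer=None, expiry=None, not_before=None):
    # Assumption: keyword arguments replace same-named entries already in `claims`.
    extra = {"aud": audience, "iss": issuer, "exp": expiry, "nbf": not_before}
    body = {**claims, **{k: v for k, v in extra.items() if v is not None}}
    body.setdefault("iat", int(time.time()))  # iat defaults to the current time
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(body).encode())
    tag = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def sketch_validate(secret, token, *, enforce=True, audience=None, issuer=None,
                    subject=None, now=None):
    # `now` is a hypothetical hook so the time checks can be tested deterministically.
    header_b64, body_b64, tag_b64 = token.split(".")  # ValueError if not 3 segments
    if json.loads(unb64url(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier pins the algorithm, not the token
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unb64url(tag_b64)):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(body_b64))  # parsed only after the signature checks out
    now = int(time.time()) if now is None else now
    if enforce:  # time-based claims are checked whenever they are present
        if "exp" in claims and now >= claims["exp"]:
            raise ValueError("expired")
        if "nbf" in claims and now < claims["nbf"]:
            raise ValueError("not yet valid")
    for name, want in (("aud", audience), ("iss", issuer), ("sub", subject)):
        if want is None:
            continue  # an omitted argument means the claim is not checked at all
        got = claims.get(name)
        matched = want in got if name == "aud" and isinstance(got, list) else got == want
        if not matched:
            raise ValueError(f"{name} mismatch")
    return claims

KEY = b"constructed-demo-secret-do-not-reuse"  # constructed sample secret
TOKEN = sketch_tokenize(KEY, {"role": "reader", "aud": "stale"}, audience="billing-api",
                        issuer="https://idp.example", expiry=2000, not_before=1000)
```

Because an omitted audience, issuer or subject is skipped rather than rejected, a caller that shares one key across several services should always pass the expected values.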