jam.jwt.algorithms¶

algorithms ¶

Classes:

Name	Description
`BaseAlgorithm`	Base class for JWT signing algorithms.
`ESAlgorithm`	ECDSA algorithms (ES256, ES384, ES512).
`HSAlgorithm`	HMAC-based algorithms (HS256, HS384, HS512).
`PSAlgorithm`	RSA PSS algorithms (PS256, PS384, PS512).
`RSAlgorithm`	RSA PKCS1v15 algorithms (RS256, RS384, RS512).

Functions:

Name	Description
`create_algorithm`	Create algorithm instance based on algorithm name.

BaseAlgorithm ¶

BaseAlgorithm(
    alg: str,
    secret: KeyLike,
    password: bytes | None,
    logger: BaseLogger,
)

Bases: ABC

Base class for JWT signing algorithms.

Parameters:

Name	Type	Description	Default
`alg`	`str`	Algorithm name	required
`secret`	`KeyLike`	Secret key	required
`password`	`bytes \| None`	Password for private key	required
`logger`	`BaseLogger`	Logger instance	required

Methods:

Name	Description
`sign`	Sign data.
`verify`	Verify signature.

sign `abstractmethod` ¶

sign(data: bytes) -> str

Sign data.

Parameters:

Name	Type	Description	Default
`data`	`bytes`	Data to sign	required

Returns:

Name	Type	Description
`str`	`str`	Base64url encoded signature

verify `abstractmethod` ¶

verify(sig: bytes, data: bytes, key: KeyLike) -> None

Verify signature.

Parameters:

Name	Type	Description	Default
`sig`	`bytes`	Signature to verify	required
`data`	`bytes`	Data that was signed	required
`key`	`KeyLike`	Key for verification	required

Raises:

Type	Description
`ValueError`	If signature is invalid

ESAlgorithm ¶

ESAlgorithm(
    alg: str,
    secret: KeyLike,
    password: bytes | None,
    logger: BaseLogger,
)

Bases: BaseAlgorithm

ECDSA algorithms (ES256, ES384, ES512).

Methods:

Name	Description
`sign`	Sign data using ECDSA.
`verify`	Verify ECDSA signature.

sign ¶

sign(data: bytes) -> str

Sign data using ECDSA.

Parameters:

Name	Type	Description	Default
`data`	`bytes`	Data to sign	required

Returns:

Name	Type	Description
`str`	`str`	Base64url encoded signature

verify ¶

verify(sig: bytes, data: bytes, key: KeyLike) -> None

Verify ECDSA signature.

Parameters:

Name	Type	Description	Default
`sig`	`bytes`	Signature to verify	required
`data`	`bytes`	Data that was signed	required
`key`	`KeyLike`	Key for verification	required

Raises:

Type	Description
`ValueError`	If signature is invalid

HSAlgorithm ¶

HSAlgorithm(
    alg: str,
    secret: KeyLike,
    password: bytes | None,
    logger: BaseLogger,
)

Bases: BaseAlgorithm

HMAC-based algorithms (HS256, HS384, HS512).

Methods:

Name	Description
`sign`	Sign data using HMAC.
`verify`	Verify HMAC signature.

sign ¶

sign(data: bytes) -> str

Sign data using HMAC.

Parameters:

Name	Type	Description	Default
`data`	`bytes`	Data to sign	required

Returns:

Name	Type	Description
`str`	`str`	Base64url encoded signature

verify ¶

verify(sig: bytes, data: bytes, key: KeyLike) -> None

Verify HMAC signature.

Parameters:

Name	Type	Description	Default
`sig`	`bytes`	Signature to verify	required
`data`	`bytes`	Data that was signed	required
`key`	`KeyLike`	Key for verification	required

Raises:

Type	Description
`ValueError`	If signature is invalid

PSAlgorithm ¶

PSAlgorithm(
    alg: str,
    secret: KeyLike,
    password: bytes | None,
    logger: BaseLogger,
)

Bases: BaseAlgorithm

RSA PSS algorithms (PS256, PS384, PS512).

Methods:

Name	Description
`sign`	Sign data using RSA PSS.
`verify`	Verify RSA PSS signature.

sign ¶

sign(data: bytes) -> str

Sign data using RSA PSS.

Parameters:

Name	Type	Description	Default
`data`	`bytes`	Data to sign	required

Returns:

Name	Type	Description
`str`	`str`	Base64url encoded signature

verify ¶

verify(sig: bytes, data: bytes, key: KeyLike) -> None

Verify RSA PSS signature.

Parameters:

Name	Type	Description	Default
`sig`	`bytes`	Signature to verify	required
`data`	`bytes`	Data that was signed	required
`key`	`KeyLike`	Key for verification	required

Raises:

Type	Description
`ValueError`	If signature is invalid

RSAlgorithm ¶

RSAlgorithm(
    alg: str,
    secret: KeyLike,
    password: bytes | None,
    logger: BaseLogger,
)

Bases: BaseAlgorithm

RSA PKCS1v15 algorithms (RS256, RS384, RS512).

Methods:

Name	Description
`sign`	Sign data using RSA PKCS1v15.
`verify`	Verify RSA PKCS1v15 signature.

sign ¶

sign(data: bytes) -> str

Sign data using RSA PKCS1v15.

Parameters:

Name	Type	Description	Default
`data`	`bytes`	Data to sign	required

Returns:

Name	Type	Description
`str`	`str`	Base64url encoded signature

verify ¶

verify(sig: bytes, data: bytes, key: KeyLike) -> None

Verify RSA PKCS1v15 signature.

Parameters:

Name	Type	Description	Default
`sig`	`bytes`	Signature to verify	required
`data`	`bytes`	Data that was signed	required
`key`	`KeyLike`	Key for verification	required

Raises:

Type	Description
`ValueError`	If signature is invalid

create_algorithm ¶

create_algorithm(
    alg: str,
    secret: KeyLike,
    password: bytes | None,
    logger: BaseLogger,
) -> BaseAlgorithm

Create algorithm instance based on algorithm name.

Parameters:

Name	Type	Description	Default
`alg`	`str`	Algorithm name	required
`secret`	`KeyLike`	Secret key	required
`password`	`bytes \| None`	Password for private key	required
`logger`	`BaseLogger`	Logger instance	required

Returns:

Name	Type	Description
`BaseAlgorithm`	`BaseAlgorithm`	Algorithm instance

Raises:

Type	Description
`ValueError`	If algorithm is not supported

jam.jwt.algorithms¶

__algorithms__ ¶

BaseAlgorithm ¶

sign abstractmethod ¶

verify abstractmethod ¶

ESAlgorithm ¶

sign ¶

verify ¶

HSAlgorithm ¶

sign ¶

verify ¶

PSAlgorithm ¶

sign ¶

verify ¶

RSAlgorithm ¶

sign ¶

verify ¶

create_algorithm ¶

algorithms ¶

sign `abstractmethod` ¶

verify `abstractmethod` ¶