Identical to ``jwt.decode`` except for return value which is a dictionary containing the token header (JOSE Header), the token payload (JWT Payload), and token signature (JWT Signature) on the keys "header", "payload", and "signature" respectively. :param jwt: the token to b
(
self,
jwt: str | bytes,
key: AllowedPublicKeyTypes = "",
algorithms: Sequence[str] | None = None,
options: Options | None = None,
# deprecated arg, remove in pyjwt3
verify: bool | None = None,
# could be used as passthrough to api_jws, consider removal in pyjwt3
detached_payload: bytes | None = None,
# passthrough arguments to _validate_claims
# consider putting in options
audience: str | Iterable[str] | None = None,
issuer: str | Container[str] | None = None,
subject: str | None = None,
leeway: float | timedelta = 0,
# kwargs
**kwargs: Any,
)
| 172 | ).encode("utf-8") |
| 173 | |
| 174 | def decode_complete( |
| 175 | self, |
| 176 | jwt: str | bytes, |
| 177 | key: AllowedPublicKeyTypes = "", |
| 178 | algorithms: Sequence[str] | None = None, |
| 179 | options: Options | None = None, |
| 180 | # deprecated arg, remove in pyjwt3 |
| 181 | verify: bool | None = None, |
| 182 | # could be used as passthrough to api_jws, consider removal in pyjwt3 |
| 183 | detached_payload: bytes | None = None, |
| 184 | # passthrough arguments to _validate_claims |
| 185 | # consider putting in options |
| 186 | audience: str | Iterable[str] | None = None, |
| 187 | issuer: str | Container[str] | None = None, |
| 188 | subject: str | None = None, |
| 189 | leeway: float | timedelta = 0, |
| 190 | # kwargs |
| 191 | **kwargs: Any, |
| 192 | ) -> dict[str, Any]: |
| 193 | """Identical to ``jwt.decode`` except for return value which is a dictionary containing the token header (JOSE Header), |
| 194 | the token payload (JWT Payload), and token signature (JWT Signature) on the keys "header", "payload", |
| 195 | and "signature" respectively. |
| 196 | |
| 197 | :param jwt: the token to be decoded |
| 198 | :type jwt: str or bytes |
| 199 | :param key: the key suitable for the allowed algorithm |
| 200 | :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPublicKeys` |
| 201 | |
| 202 | :param algorithms: allowed algorithms, e.g. ``["ES256"]`` |
| 203 | |
| 204 | .. warning:: |
| 205 | |
| 206 | Do **not** compute the ``algorithms`` parameter based on |
| 207 | the ``alg`` from the token itself, or on any other data |
| 208 | that an attacker may be able to influence, as that might |
| 209 | expose you to various vulnerabilities (see `RFC 8725 §2.1 |
| 210 | <https://www.rfc-editor.org/rfc/rfc8725.html#section-2.1>`_). Instead, |
| 211 | either hard-code a fixed value for ``algorithms``, or |
| 212 | configure it in the same place you configure the |
| 213 | ``key``. Make sure not to mix symmetric and asymmetric |
| 214 | algorithms that interpret the ``key`` in different ways |
| 215 | (e.g. HS\\* and RS\\*). |
| 216 | :type algorithms: typing.Sequence[str] or None |
| 217 | |
| 218 | :param jwt.types.Options options: extended decoding and validation options |
| 219 | Refer to :py:class:`jwt.types.Options` for more information. |
| 220 | |
| 221 | :param audience: optional, the value for ``verify_aud`` check |
| 222 | :type audience: str or typing.Iterable[str] or None |
| 223 | :param issuer: optional, the value for ``verify_iss`` check |
| 224 | :type issuer: str or typing.Container[str] or None |
| 225 | :param leeway: a time margin in seconds for the expiration check |
| 226 | :type leeway: float or datetime.timedelta |
| 227 | :rtype: dict[str, typing.Any] |
| 228 | :returns: Decoded JWT with the JOSE Header on the key ``header``, the JWS |
| 229 | Payload on the key ``payload``, and the JWS Signature on the key ``signature``. |
| 230 | """ |
| 231 | if kwargs: |