Encode the ``payload`` as JSON Web Token. :param payload: JWT claims, e.g. ``dict(iss=..., aud=..., sub=...)`` :type payload: dict[str, typing.Any] :param key: a key suitable for the chosen algorithm: * for **asymmetric algorithms**: PEM-formatted private key, a
(
self,
payload: dict[str, Any],
key: AllowedPrivateKeyTypes,
algorithm: str | None = _ALGORITHM_UNSET, # type: ignore[assignment]
headers: dict[str, Any] | None = None,
json_encoder: type[json.JSONEncoder] | None = None,
sort_headers: bool = True,
)
| 88 | return {**self.options, **options} |
| 89 | |
| 90 | def encode( |
| 91 | self, |
| 92 | payload: dict[str, Any], |
| 93 | key: AllowedPrivateKeyTypes, |
| 94 | algorithm: str | None = _ALGORITHM_UNSET, # type: ignore[assignment] |
| 95 | headers: dict[str, Any] | None = None, |
| 96 | json_encoder: type[json.JSONEncoder] | None = None, |
| 97 | sort_headers: bool = True, |
| 98 | ) -> str: |
| 99 | """Encode the ``payload`` as JSON Web Token. |
| 100 | |
| 101 | :param payload: JWT claims, e.g. ``dict(iss=..., aud=..., sub=...)`` |
| 102 | :type payload: dict[str, typing.Any] |
| 103 | :param key: a key suitable for the chosen algorithm: |
| 104 | |
| 105 | * for **asymmetric algorithms**: PEM-formatted private key, a multiline string |
| 106 | * for **symmetric algorithms**: plain string, sufficiently long for security |
| 107 | |
| 108 | :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPrivateKeys` |
| 109 | :param algorithm: algorithm to sign the token with, e.g. ``"ES256"``. |
| 110 | If ``headers`` includes ``alg``, it will be preferred to this parameter. |
| 111 | If ``key`` is a :class:`PyJWK` object, by default the key algorithm will be used. |
| 112 | :type algorithm: str or None |
| 113 | :param headers: additional JWT header fields, e.g. ``dict(kid="my-key-id")``. |
| 114 | :type headers: dict[str, typing.Any] or None |
| 115 | :param json_encoder: custom JSON encoder for ``payload`` and ``headers`` |
| 116 | :type json_encoder: json.JSONEncoder or None |
| 117 | |
| 118 | :rtype: str |
| 119 | :returns: a JSON Web Token |
| 120 | |
| 121 | :raises TypeError: if ``payload`` is not a ``dict`` |
| 122 | """ |
| 123 | # Check that we get a dict |
| 124 | if not isinstance(payload, dict): |
| 125 | raise TypeError( |
| 126 | "Expecting a dict object, as JWT only supports " |
| 127 | "JSON objects as payloads." |
| 128 | ) |
| 129 | |
| 130 | # Payload |
| 131 | payload = payload.copy() |
| 132 | for time_claim in ["exp", "iat", "nbf"]: |
| 133 | # Convert datetime to a intDate value in known time-format claims |
| 134 | if isinstance(payload.get(time_claim), datetime): |
| 135 | payload[time_claim] = timegm(payload[time_claim].utctimetuple()) |
| 136 | |
| 137 | # Issue #1039, iss being set to non-string |
| 138 | if "iss" in payload and not isinstance(payload["iss"], str): |
| 139 | raise TypeError("Issuer (iss) must be a string.") |
| 140 | |
| 141 | json_payload = self._encode_payload( |
| 142 | payload, |
| 143 | headers=headers, |
| 144 | json_encoder=json_encoder, |
| 145 | ) |
| 146 | |
| 147 | return self._jws.encode( |