pyeudiw.sd_jwt package
Submodules
pyeudiw.sd_jwt.common module
pyeudiw.sd_jwt.disclosure module
pyeudiw.sd_jwt.exceptions module
- exception pyeudiw.sd_jwt.exceptions.MissingConfirmationKey
Bases: Exception
Raised when a given VP does not contain a confirmation key.
pyeudiw.sd_jwt.holder module
- class pyeudiw.sd_jwt.holder.SDJWTHolder(sd_jwt_issuance: str, serialization_format: str = 'compact')
Bases: SDJWTCommon
SDJWTHolder is a class to create a holder presentation from an SD-JWT.
- create_presentation(claims_to_disclose: dict | bool | None, nonce: str | None = None, aud: str | None = None, holder_key: ECKey | RSAKey | OKPKey | SYMKey | None = None, sign_alg: str | None = None) → None
Create a holder presentation from the SD-JWT.
- Parameters:
claims_to_disclose – The claims to disclose. If True, all claims are disclosed.
nonce – The nonce to include in the key binding JWT.
aud – The audience to include in the key binding JWT.
holder_key – The key to sign the key binding JWT with.
sign_alg – The signing algorithm to use for the key binding JWT.
- hs_disclosures: List
- key_binding_jwt_header: Dict
- key_binding_jwt_payload: Dict
- sd_jwt_presentation: str
- serialized_key_binding_jwt: str = ''
pyeudiw.sd_jwt.issuer module
- class pyeudiw.sd_jwt.issuer.SDJWTIssuer(user_claims: Dict, issuer_keys: Dict | List[Dict], holder_key=None, sign_alg=None, add_decoy_claims: bool = False, serialization_format: str = 'compact', extra_header_parameters: dict = {})
Bases: SDJWTCommon
- DECOY_MAX_ELEMENTS = 5
- DECOY_MIN_ELEMENTS = 2
- decoy_digests: List
- ii_disclosures: List
- sd_jwt: JWS
- sd_jwt_issuance: str
- sd_jwt_payload: Dict
- serialized_sd_jwt: str
pyeudiw.sd_jwt.schema module
- class pyeudiw.sd_jwt.schema.KeyBindingJwtHeader(*, typ: str, alg: str)
Bases: BaseModel
- alg: str
- model_config = {}
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- typ: str
- class pyeudiw.sd_jwt.schema.KeyBindingJwtPayload(*, iat: int, aud: str, nonce: str, sd_hash: str)
Bases: BaseModel
- aud: str
- iat: int
- model_config = {}
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- nonce: str
- sd_hash: str
- class pyeudiw.sd_jwt.schema.VcSdJwtHeaderSchema(*, typ: str, alg: str, kid: str | None = None, trust_chain: list[str] | None = None, x5c: str | None = None, vctm: list[str] | None = None)
Bases: BaseModel
- alg: str
- kid: str | None
- model_config = {}
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- trust_chain: list[str] | None
- typ: str
- vctm: list[str] | None
- x5c: str | None
- class pyeudiw.sd_jwt.schema.VcSdJwtPayloadSchema(*, iss: HttpUrl, sub: str, iat: int, exp: int, status: dict, cnf: Dict[Literal['jwk'], JwkSchema], vct: str, verification: dict)
Bases: BaseModel
- exp: int
- iat: int
- iss: HttpUrl
- model_config = {}
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- model_post_init(context: Any, /) → None
This function is meant to behave like a BaseModel method to initialise private attributes.
It takes context as an argument since that’s what pydantic-core passes when calling it.
- Args:
self: The BaseModel instance.
context: The context.
- status: dict
- sub: str
- vct: str
- verification: dict
pyeudiw.sd_jwt.sd_jwt module
- class pyeudiw.sd_jwt.sd_jwt.SdJwt(token: str)
Bases: object
SdJwt is a utility class to easily parse and verify SD-JWTs. All class attributes are intended to be read-only.
- get_confirmation_key() → dict
Get the confirmation key from the issuer payload claims.
- Raises:
MissingConfirmationKey – if the confirmation key is missing
- Returns:
the confirmation key
- Return type:
dict
- get_disclosed_claims() → dict
Get the disclosed claims from the issuer payload
- Raises:
UnsupportedSdAlg – if the sd_alg is not supported
ValueError – if there are duplicate digests
- Returns:
the disclosed claims
- Return type:
dict
- get_holder_key_binding_jwt() → str
Get the holder key binding jwt
- Returns:
the holder key binding jwt
- Return type:
str
- get_issuer_jwt() → DecodedJwt
Get the issuer jwt
- Returns:
the issuer jwt
- Return type:
DecodedJwt
- has_key_binding() → bool
Check if the token has a key binding
- Returns:
True if the token has a key binding, False otherwise
- Return type:
bool
- verify_holder_kb_jwt(challenge: VerifierChallenge) → None
Checks validity of holder key binding. This procedure always passes when no key binding is used.
- Raises:
UnsupportedSdAlg – if verification fails due to an unknown _sd_alg
InvalidKeyBinding – if the verification fails for an invalid key binding
ValueError – if the iat claim is missing or invalid
JWSVerificationError – if the verification fails
- verify_holder_kb_jwt_signature() → None
Verify the holder key binding signature
- Raises:
JWSVerificationError – if the verification fails
- verify_issuer_jwt_signature(keys: list[ECKey | RSAKey | dict] | ECKey | RSAKey | dict) → None
Verify the issuer jwt signature
- Parameters:
keys (list[ECKey | RSAKey | dict] | ECKey | RSAKey | dict) – the public key(s) to use to verify the issuer jwt signature
- Raises:
JWSVerificationError – if the verification fails
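Because verify_holder_kb_jwt is documented above as always passing when no key binding is used, a verifier that requires holder binding has to reject unbound presentations itself. The following is an added example, not pyeudiw code: it applies fail-closed checks to the KeyBindingJwtPayload fields (iat, aud, nonce, sd_hash) of a compact presentation. The names check_key_binding and make_sample, the sample values, and the use of SHA-256 for sd_hash are assumptions; signature verification is not performed here and must still be done separately.

```python
import base64
import hashlib
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_json(segment: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def check_key_binding(presentation, expected_aud, expected_nonce, now=None, max_age=300):
    """Hypothetical helper: fail-closed claim checks on the KB-JWT (no signature check)."""
    now = int(time.time()) if now is None else now
    # Compact form: <issuer-jwt>~<disclosure>~...~<kb-jwt>; the final element
    # is empty when the holder attached no key binding JWT.
    signed_part, _, kb_jwt = presentation.rpartition("~")
    if not signed_part or kb_jwt.count(".") != 2:
        raise ValueError("key binding required but KB-JWT missing or malformed")
    header, payload = (b64url_json(p) for p in kb_jwt.split(".")[:2])
    if header.get("typ") != "kb+jwt":
        raise ValueError("unexpected KB-JWT typ")
    # sd_hash covers everything up to and including the last '~' (SHA-256 assumed).
    expected_hash = b64url(hashlib.sha256((signed_part + "~").encode("ascii")).digest())
    if payload.get("sd_hash") != expected_hash:
        raise ValueError("sd_hash does not match the presented SD-JWT")
    if payload.get("nonce") != expected_nonce or payload.get("aud") != expected_aud:
        raise ValueError("nonce or aud does not match the verifier challenge")
    iat = payload.get("iat")
    if type(iat) is not int or not (now - max_age <= iat <= now + 60):
        raise ValueError("iat missing, invalid or outside the accepted window")
    return payload


def make_sample(nonce, aud, iat, with_kb=True):
    """Constructed, unsigned sample presentation for the demo (placeholder signatures)."""
    prefix = "issuer.jwt.sig~" + b64url(b'["salt","given_name","Ada"]') + "~"
    if not with_kb:
        return prefix
    kb_payload = {"iat": iat, "aud": aud, "nonce": nonce,
                  "sd_hash": b64url(hashlib.sha256(prefix.encode("ascii")).digest())}
    kb = ".".join(b64url(json.dumps(o).encode()) for o in ({"typ": "kb+jwt", "alg": "ES256"}, kb_payload))
    return prefix + kb + ".sig"


if __name__ == "__main__":
    token = make_sample("n-123", "https://verifier.example", int(time.time()))
    print(check_key_binding(token, "https://verifier.example", "n-123")["nonce"])
```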
pyeudiw.sd_jwt.verifier module
- class pyeudiw.sd_jwt.verifier.SDJWTVerifier(sd_jwt_presentation: str, cb_get_issuer_key: Callable[[str, Dict], str], expected_aud: str | None = None, expected_nonce: str | None = None, serialization_format: str = 'compact')
Bases: SDJWTCommon