RFC7638: JSON Web Key (JWK) Thumbprint

Added in version v0.15.

authlib.jose

JOSE implementation in Authlib. Tracking the status of JOSE specs at https://tools.ietf.org/wg/jose/

This RFC7638 is used for computing a hash value over a JSON Web Key (JWK). The value can be used as an identity of the JWK.

The .thumbprint method is defined on the Key class, you can use it directly:

from authlib.jose import JsonWebKey

raw = read_file('rsa.pem')
key = JsonWebKey.import_key(raw)

key.thumbprint()

If a key has no kid, you can add the value of .thumbprint() as a kid:

key['kid'] = key.thumbprint()

This method is available on every Key class, including OctKey, RSAKey, ECKey, and OKPKey.