1 files changed, 42 insertions, 0 deletions

diff --git a/docs/jws.rst b/docs/jws.rst
new file mode 100644
index 0000000..da12253
--- /dev/null
+++ b/docs/jws.rst
@@ -0,0 +1,42 @@
+.. module:: itsdangerous.jws
+
+JSON Web Signature (JWS)
+========================
+
+JSON Web Signatures (JWS) work similarly to the existing URL safe
+serializer but will emit headers according to `draft-ietf-jose-json-web
+-signature <http://self-issued.info/docs/draft-ietf-jose-json-web
+-signature.html>`_.
+
+.. code-block:: python
+
+    from itsdangerous import JSONWebSignatureSerializer
+    s = JSONWebSignatureSerializer("secret-key")
+    s.dumps({"x": 42})
+    'eyJhbGciOiJIUzI1NiJ9.eyJ4Ijo0Mn0.ZdTn1YyGz9Yx5B5wNpWRL221G1WpVE5fPCPKNuc6UAo'
+
+When loading the value back the header will not be returned by default
+like with the other serializers. However it is possible to also ask for
+the header by passing ``return_header=True``. Custom header fields can
+be provided upon serialization:
+
+.. code-block:: python
+
+    s.dumps(0, header_fields={"v": 1})
+    'eyJhbGciOiJIUzI1NiIsInYiOjF9.MA.wT-RZI9YU06R919VBdAfTLn82_iIQD70J_j-3F4z_aM'
+    s.loads(
+        "eyJhbGciOiJIUzI1NiIsInYiOjF9"
+        ".MA.wT-RZI9YU06R919VBdAfTLn82_iIQD70J_j-3F4z_aM"
+    )
+    (0, {'alg': 'HS256', 'v': 1})
+
+itsdangerous only provides HMAC SHA derivatives and the none algorithm
+at the moment and does not support the ECC based ones. The algorithm in
+the header is checked against the one of the serializer and on a
+mismatch a :exc:`~itsdangerous.exc.BadSignature` exception is raised.
+
+.. autoclass:: JSONWebSignatureSerializer
+    :members:
+
+.. autoclass:: TimedJSONWebSignatureSerializer
+    :members: