itsdangerous.BadSignature error in token integration using TimedJSONWebSerializer - App Backend Server?
I authenticate the user with a secret_key that is known only to the backend and the client, and pass it through the headers in Postman. My code so far is as follows:

    from flask import Flask, request
    from itsdangerous import TimedJSONWebSignatureSerializer
    from constants import SECRET_KEY

    app = Flask(__name__)

    @app.route('/authUser', methods=['POST'])
    def authUser():
        # .get() returns None for a missing header instead of raising KeyError
        secret_key = request.headers.get('secret_key')
        if secret_key is None:
            return "400"
        elif secret_key != SECRET_KEY:  # SECRET_KEY is a constant that has been imported from constants.py
            return "400"
        else:
            s = TimedJSONWebSignatureSerializer(app.config['SECRET_KEY'], expires_in=3600)
            # user_id is not defined in the snippet as posted
            token = s.dumps({'user_id': user_id})
            print(s.loads(token))
            return token

This code throws the following error:

    Traceback (most recent call last):
      File "C:/Users/vaibhav/PycharmProjects/Coding/Coding.py", line 15, in <module>
        print (s.loads(token))
      File "C:\Users\vaibhav\Anaconda\lib\site-packages\itsdangerous.py", line 798, in loads
        self, s, salt, return_header=True)
      File "C:\Users\vaibhav\Anaconda\lib\site-packages\itsdangerous.py", line 752, in loads
        self.make_signer(salt, self.algorithm).unsign(want_bytes(s)),
      File "C:\Users\vaibhav\Anaconda\lib\site-packages\itsdangerous.py", line 377, in unsign
        payload=value)
    itsdangerous.BadSignature: Signature 'Ch8y6BDMIIBdIGM0lmjdAimINvP3PnUmBpOp-jDW18w' does not match

If I change the line:

    s = TimedJSONWebSignatureSerializer(app.config['SECRET-KEY'], expires_in=3600)

to this:

    s = TimedJSONWebSignatureSerializer('SECRET-KEY', expires_in=3600)

the code works without any problem.
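Question: Please tell me the reason why this works, since according to Configuration Handling, app.config('SECRET-KEY') returns the secret key.
I referred to this website to learn token authentication: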
Can you first make sure that you have set the secret key, for example

    app.secret_key = 'whatever the secret is'

This will initialize the secret.
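
Added example, not part of the original question or answer: a sketch of the same token flow that refuses to sign when the key was never configured, compares the header secret in constant time, and shows that a token only verifies under the key that signed it. It uses URLSafeTimedSerializer because TimedJSONWebSignatureSerializer was removed in itsdangerous 2.1; CONFIG (a plain dict standing in for app.config), the key value, the salt and all function names are assumptions made for illustration.

```python
import hmac

from itsdangerous import BadSignature, SignatureExpired, URLSafeTimedSerializer

# Constructed stand-in for app.config; Flask's SECRET_KEY is None until it is set.
CONFIG = {"SECRET_KEY": "constructed-demo-key-not-for-production"}
TOKEN_MAX_AGE = 3600  # seconds, the same lifetime as expires_in=3600 in the question


def make_serializer(config):
    """Build the serializer, failing fast if the signing key is missing or empty."""
    key = config.get("SECRET_KEY")
    if not key:
        raise RuntimeError("SECRET_KEY is not set; refusing to sign or verify tokens")
    return URLSafeTimedSerializer(key, salt="auth-token")


def shared_secret_ok(presented, expected):
    """Check the header secret in constant time; a missing header never matches."""
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


def issue_token(config, user_id):
    """Sign a payload carrying the user id; the issue time is embedded in the token."""
    return make_serializer(config).dumps({"user_id": user_id})


def verify_token(config, token):
    """Return (status, payload); the payload is None unless the status is 'ok'."""
    try:
        return "ok", make_serializer(config).loads(token, max_age=TOKEN_MAX_AGE)
    except SignatureExpired:  # signature is valid but the token is too old
        return "expired", None
    except BadSignature:  # wrong key, wrong salt, or a tampered token
        return "bad_signature", None


if __name__ == "__main__":
    token = issue_token(CONFIG, 42)
    print(verify_token(CONFIG, token))
    # A service configured with a different key rejects the same token.
    print(verify_token({"SECRET_KEY": "some-other-key"}, token))
```
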