itsdangerous.BadSignature error during token generation using TimedJSONWebSerializer - App Backend Server?

Time: 2016-07-02 00:16:47

Tags: python api flask token restful-authentication

I am authenticating the user with a secret_key known only to the backend and the client, passed through a header in Postman. My code so far is as follows:

from flask import Flask, request
from itsdangerous import TimedJSONWebSignatureSerializer
from constants import SECRET_KEY

app = Flask(__name__)

@app.route('/authUser', methods=['POST'])
def authUser():
    # .get() returns None when the header is absent; indexing would raise instead
    secret_key = request.headers.get('secret_key')

    if secret_key is None:
        return "400"
    elif secret_key != SECRET_KEY:  # SECRET_KEY is a constant that has been imported from constants.py
        return "400"
    else:
        s = TimedJSONWebSignatureSerializer(app.config['SECRET_KEY'], expires_in=3600)
        token = s.dumps({'user_id': user_id})  # user_id is not defined in the posted snippet
        print(s.loads(token))
        return token

This code throws the following error:

Traceback (most recent call last):

  File "C:/Users/vaibhav/PycharmProjects/Coding/Coding.py", line 15, in <module>
    print (s.loads(token))
  File "C:\Users\vaibhav\Anaconda\lib\site-packages\itsdangerous.py", line 798, in loads
    self, s, salt, return_header=True)
  File "C:\Users\vaibhav\Anaconda\lib\site-packages\itsdangerous.py", line 752, in loads
    self.make_signer(salt, self.algorithm).unsign(want_bytes(s)),
  File "C:\Users\vaibhav\Anaconda\lib\site-packages\itsdangerous.py", line 377, in unsign
    payload=value)
itsdangerous.BadSignature: Signature 'Ch8y6BDMIIBdIGM0lmjdAimINvP3PnUmBpOp-jDW18w' does not match

If I change the line:

s = TimedJSONWebSignatureSerializer(app.config['SECRET-KEY'], expires_in=3600)

to this:

s = TimedJSONWebSignatureSerializer('SECRET-KEY', expires_in=3600)

the code works without problems.

QUESTION: Please tell me why this is happening, since according to Configuration Handling, app.config('SECRET-KEY') would also return a secret key.

I referred to this site to learn token authentication:

RESTful Authentication with Flask
Thanks in advance!

1 answer:

Answer 0: (score: 1)

First, make sure the secret key is set, for example:

app.secret_key = 'whatever the secret is'

This will initialize the secret.
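
An added example, not code from the question or the answer: it shows that a token signed under one key fails verification under a different key with BadSignature, and adds a check that refuses to sign when SECRET_KEY was never set. It uses itsdangerous's URLSafeTimedSerializer because TimedJSONWebSignatureSerializer was removed in itsdangerous 2.1; the plain dict standing in for app.config, the function names, the salt and the key values are assumptions constructed for the example.

```python
import hmac
from itsdangerous import BadSignature, SignatureExpired, URLSafeTimedSerializer


def configured_key(config):
    """Return the signing key, failing fast if it was never set."""
    key = config.get("SECRET_KEY")
    if not key:
        raise RuntimeError("SECRET_KEY is not set; refusing to sign or verify tokens")
    return key


def make_serializer(config):
    # The salt namespaces these tokens; "auth-token" is a constructed value.
    return URLSafeTimedSerializer(configured_key(config), salt="auth-token")


def issue_token(config, presented_key, user_id):
    """Issue a token only if the header secret matches (constant-time compare)."""
    expected = configured_key(config).encode()
    if presented_key is None or not hmac.compare_digest(presented_key.encode(), expected):
        return None
    return make_serializer(config).dumps({"user_id": user_id})


def verify_token(config, token, max_age=3600):
    """Return (status, payload); the payload is None unless status is "ok"."""
    try:
        return "ok", make_serializer(config).loads(token, max_age=max_age)
    except SignatureExpired:  # subclass of BadSignature, so it is caught first
        return "expired", None
    except BadSignature:  # wrong key, wrong salt, or a tampered token
        return "bad-signature", None


if __name__ == "__main__":
    config_a = {"SECRET_KEY": "constructed-key-A"}  # stand-in for app.config
    config_b = {"SECRET_KEY": "constructed-key-B"}  # a different, constructed key
    token = issue_token(config_a, "constructed-key-A", 42)
    print(verify_token(config_a, token))
    print(verify_token(config_b, token))
```

Signing and verification must both read the key from the same configured source; a token issued under any other key is rejected as a bad signature.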