How to use the jwt.utils.force_bytes function in jwt
To help you get started, we’ve selected a few jwt examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
jpadilla / pyjwt / tests / test_utils.py View on Github 
def test_force_bytes_raises_error_on_invalid_object():
with pytest.raises(TypeError):
force_bytes({})def test_constant_time_compare_returns_false_if_diff_lengths(self):
assert not constant_time_compare(
force_bytes("abc"), force_bytes("abcd")
)def test_encode_decode_with_rsa_sha512(self, jws, payload):
# PEM-formatted RSA key
with open("tests/keys/testkey_rsa", "r") as rsa_priv_file:
priv_rsakey = load_pem_private_key(
force_bytes(rsa_priv_file.read()),
password=None,
backend=default_backend(),
)
jws_message = jws.encode(payload, priv_rsakey, algorithm="RS512")
with open("tests/keys/testkey_rsa.pub", "r") as rsa_pub_file:
pub_rsakey = load_ssh_public_key(
force_bytes(rsa_pub_file.read()), backend=default_backend()
)
jws.decode(jws_message, pub_rsakey)
# string-formatted key
with open("tests/keys/testkey_rsa", "r") as rsa_priv_file:
priv_rsakey = rsa_priv_file.read()
jws_message = jws.encode(payload, priv_rsakey, algorithm="RS512")"""
This test verifies that HMAC verification works with a known good
signature and key.
Reference: https://tools.ietf.org/html/rfc7520#section-4.4
"""
signing_input = force_bytes(
"eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZ"
"jMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ"
"29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIG"
"lmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmc"
"gd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4"
)
signature = base64url_decode(
force_bytes("s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0")
)
algo = HMACAlgorithm(HMACAlgorithm.SHA256)
key = algo.prepare_key(load_hmac_key())
result = algo.verify(signing_input, key, signature)
assert resultdef decode_value(val):
decoded = base64url_decode(force_bytes(val))
return int_from_bytes(decoded, "big")def auth(app):
with open('tests/keys/testkey_rsa.pub', 'r') as rsa_pub_file:
app.config.update({
'RESTY_JWT_DECODE_KEY': {
'foo.com': load_ssh_public_key(
force_bytes(rsa_pub_file.read()),
backend=default_backend(),
),
},
'RESTY_JWT_DECODE_ALGORITHMS': ['RS256'],
})
authentication = JwtAuthentication(issuer='resty')
class UserAuthorization(HasAnyCredentialsAuthorization):
def filter_query(self, query, view):
return query.filter(
view.model.owner_id == self.get_request_credentials()['sub'],
)
return {
'authentication': authentication,def test_ec_verify_should_return_false_if_signature_invalid(self):
algo = ECAlgorithm(ECAlgorithm.SHA256)
jwt_message = force_bytes("Hello World!")
jwt_sig = base64.b64decode(
force_bytes(
"AC+m4Jf/xI3guAC6w0w37t5zRpSCF6F4udEz5LiMiTIjCS4vcVe6dDOxK+M"
"mvkF8PxJuvqxP2CO3TR3okDPCl/NjATTO1jE+qBZ966CRQSSzcCM+tzcHzw"
"LZS5kbvKu0Acd/K6Ol2/W3B1NeV5F/gjvZn/jOwaLgWEUYsg0o4XVrAg65"
)
)
jwt_sig += force_bytes("123") # Signature is now invalid
with open(key_path("testkey_ec.pub"), "r") as keyfile:
jwt_pub_key = algo.prepare_key(keyfile.read())
result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
assert not result"""
This test verifies that ECDSA verification works with a known good
signature and key.
Reference: https://tools.ietf.org/html/rfc7520#section-4.3
"""
signing_input = force_bytes(
"eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhb"
"XBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb"
"3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdS"
"Bkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmU"
"geW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4"
)
signature = base64url_decode(
force_bytes(
"AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9P"
"lon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890j"
"l8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2"
)
)
algo = ECAlgorithm(ECAlgorithm.SHA512)
key = algo.prepare_key(load_ec_pub_key())
result = algo.verify(signing_input, key, signature)
assert resultdef prepare_key(self, key):
key = force_bytes(key)
invalid_strings = [
b"-----BEGIN PUBLIC KEY-----",
b"-----BEGIN CERTIFICATE-----",
b"-----BEGIN RSA PUBLIC KEY-----",
b"ssh-rsa",
]
if any([string_value in key for string_value in invalid_strings]):
raise InvalidKeyError(
"The specified key is an asymmetric key or x509 certificate and"
" should not be used as an HMAC secret."
)
return key
Popular jwt functions
- jwt.algorithms.HMACAlgorithm
- jwt.algorithms.RSAAlgorithm
- jwt.algorithms.RSAAlgorithm.from_jwk
- jwt.contrib.algorithms.pycrypto.RSAAlgorithm
- jwt.decode
- jwt.DecodeError
- jwt.encode
- jwt.exceptions
- jwt.exceptions.DecodeError
- jwt.exceptions.ExpiredSignatureError
- jwt.exceptions.InvalidKeyError
- jwt.exceptions.InvalidTokenError
- jwt.exceptions.MissingRequiredClaimError
- jwt.ExpiredSignature
- jwt.ExpiredSignatureError
- jwt.get_unverified_header
- jwt.InvalidTokenError
- jwt.utils.base64url_decode
- jwt.utils.base64url_encode
- jwt.utils.force_bytes