Unsupported operand type(s) when using URLSafeTimedSerializer.dumps from itsdangerous


I’m having a problem to initiate a serializer in my Flask project

>>> from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
>>> s = Serializer ('secret', 30)
>>> token = s.dumps({'user_id': 1}).decode('utf-8')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:UsersDellflaskapp1v_env1Libsite-packagesitsdangerousserializer.py", line 208, in dumps
    rv = self.make_signer(salt).sign(payload)
  File "C:UsersDellflaskapp1v_env1Libsite-packagesitsdangeroustimed.py", line 55, in sign
    return value + sep + self.get_signature(value)
  File "C:UsersDellflaskapp1v_env1Libsite-packagesitsdangeroussigner.py", line 209, in get_signature
    key = self.derive_key()
  File "C:UsersDellflaskapp1v_env1Libsite-packagesitsdangeroussigner.py", line 195, in derive_key
    bytes, self.digest_method(self.salt + b"signer" + secret_key).digest()
TypeError: unsupported operand type(s) for +: 'int' and 'bytes'

I have " itsdangerous 2.1.2 version" package

I’ve tried using code blocks from 2.1.2 itsdangerous version but it throws me a type error in my VScode, that auth_s is not defined, can anyone share any example of itsdangerous 2.1.2 version how to use it in terminal and in VScode, and I tried to install older versions of itsdangerous but it didn’t work.

Asked By: anndi



The problem is the 30 that you used when initializing URLSafeSerializer. That class extends Serializer, which expects either a string or bytes object as the second positional argument, not an integer.

If the second argument is omitted, we can see that the dumps method works:

>>> from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer

>>> s = Serializer('secret')

>>> s.dumps({'user_id': 1})

Note: The .decode('utf-8') is not necessary here – dumps already returns a string. If, for some reason, you needed bytes instead, then you would need .encode('utf-8') instead.

Disclaimer: I cannot comment on the security of this solution – this answer is purely making the code that you presented work, and I don’t know how secure the defaults are here or when they should / shouldn’t be used.

Answered By: dskrypa
Categories: questions Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.