Errors & Warnings

Here are some common errors and warnings, and how to handle them.

SecurityWarning

Added in version 1.2.0.

You may encounter a SecurityWarning when using potentially unsafe algorithms or generating insecure keys. These warnings do not interrupt the execution of your application — they are simply printed to standard output (e.g., your terminal).

If you prefer to suppress these warnings, you can use Python’s built-in warnings module:

import warnings
from joserfc.errors import SecurityWarning

warnings.simplefilter('ignore', SecurityWarning)

With this configuration, SecurityWarning messages will no longer appear. Be cautious when suppressing these warnings, as they are meant to alert you to potentially insecure practices.

UnsupportedAlgorithmError

Added in version 1.1.0.

By default, ONLY recommended Algorithms are allowed. With non recommended algorithms, you may encounter the UnsupportedAlgorithmError error.

>>> from joserfc import jws
>>> from joserfc.jwk import OctKey
>>> key = OctKey.generate_key()
>>> jws.serialize_compact({"alg": "HS384"}, b"payload", key)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File ".../joserfc/jws.py", line 112, in serialize_compact
    alg: JWSAlgModel = registry.get_alg(protected["alg"])
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".../joserfc/_rfc7515/registry.py", line 60, in get_alg
    raise UnsupportedAlgorithmError(f'Algorithm of "{name}" is not recommended')
joserfc.errors.UnsupportedAlgorithmError: unsupported_algorithm: Algorithm of "HS384" is not recommended

Because “HS384” is not a recommended algorithm, it is not allowed by default. You SHOULD enable it manually by passing an algorithms parameter:

>>> jws.serialize_compact({"alg": "HS384"}, b"payload", key, algorithms=["HS384"])