ItsDangerous

2.2.0 verified Tue May 12 auth: no python install: verified quickstart: verified

ItsDangerous is designed to safely pass data to untrusted environments and back. The current version is 2.2.0, with feature releases being frequent and focused on supporting the latest features and removing deprecated code.

pip install itsdangerous

Common errors

error ModuleNotFoundError: No module named 'itsdangerous' ↓

cause The 'itsdangerous' library is not installed in your Python environment or is not accessible within the current project's virtual environment.

fix

Install the library using pip: pip install itsdangerous

error ImportError: cannot import name 'TimedJSONWebSignatureSerializer' from 'itsdangerous' ↓

cause The `TimedJSONWebSignatureSerializer` class was deprecated and removed in `itsdangerous` version 2.0.0.

fix

Replace TimedJSONWebSignatureSerializer with URLSafeTimedSerializer (or TimedSerializer if URL-safety is not required). Example: from itsdangerous import URLSafeTimedSerializer as Serializer

error itsdangerous.exc.BadSignature: Signature '...' does not match ↓

cause This error occurs when the provided signature does not match the computed signature, often due to using a different secret key, a tampered payload, or an incorrect salt between signing and unsigning.

fix

Ensure the same secret_key (and salt, if used) is consistently used for both signing and unsigning. Also, verify that the signed data has not been modified.

error itsdangerous.exc.SignatureExpired: Signature age X > Y seconds ↓

cause A time-based signature has been received and validated, but its timestamp indicates that it is older than the `max_age` specified during the unsigning process.

fix

Increase the max_age parameter when unsigning the token, or generate a new signature if the old one is genuinely stale and needs to be refreshed. Example: signer.unsign(token, max_age=3600) (for 1 hour).

Warnings

breaking Some previously deprecated features were removed in version 2.2.0. ↓

fix Update your code to use the latest features as per the 2.2.0 documentation.

gotcha Ensure your secret key is strong and kept confidential. ↓

fix Use a sufficiently long and random string for the secret key.

gotcha Running pip as the 'root' user can result in broken permissions and conflicting behavior with the system package manager. ↓

fix It is recommended to use a virtual environment or run pip as a non-root user.

Install compatibility verified last tested: 2026-05-12

python os / libc status wheel install import disk

3.10 alpine (musl) - - 0.03s 17.9M

3.10 slim (glibc) - - 0.02s 18M

3.11 alpine (musl) - - 0.04s 19.7M

3.11 slim (glibc) - - 0.04s 20M

3.12 alpine (musl) - - 0.03s 11.6M

3.12 slim (glibc) - - 0.03s 12M

3.13 alpine (musl) - - 0.03s 11.2M

3.13 slim (glibc) - - 0.03s 12M

3.9 alpine (musl) - - 0.03s 17.4M

3.9 slim (glibc) - - 0.02s 18M

Imports

URLSafeSerializer
```
from itsdangerous import URLSafeSerializer
```
Ensure that you import from the correct module for serialization.

Quickstart verified last tested: 2026-04-23

Basic usage of ItsDangerous for serializing and deserializing data.

from itsdangerous import URLSafeSerializer

serializer = URLSafeSerializer('secret-key')
serialized_data = serializer.dumps({'data': 'value'})
deserialized_data = serializer.loads(serialized_data)
print(deserialized_data)