jpadilla · auvipy · Oct 3, 2021 · Sep 29, 2021 · Sep 29, 2021 · Sep 29, 2021
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
@@ -243,22 +243,21 @@ def __init__(self, hash_alg):
             self.hash_alg = hash_alg
 
         def prepare_key(self, key):
-            if isinstance(key, RSAPrivateKey) or isinstance(key, RSAPublicKey):
+            if isinstance(key, (RSAPrivateKey, RSAPublicKey)):
                 return key
 
-            if isinstance(key, (bytes, str)):
-                key = force_bytes(key)
-
-                try:
-                    if key.startswith(b"ssh-rsa"):
-                        key = load_ssh_public_key(key)
-                    else:
-                        key = load_pem_private_key(key, password=None)
-                except ValueError:
-                    key = load_pem_public_key(key)
-            else:
+            if not isinstance(key, (bytes, str)):
                 raise TypeError("Expecting a PEM-formatted key.")
 
+            key = force_bytes(key)
+
+            try:
+                if key.startswith(b"ssh-rsa"):
+                    key = load_ssh_public_key(key)
+                else:
+                    key = load_pem_private_key(key, password=None)
+            except ValueError:
+                key = load_pem_public_key(key)
             return key
 
         @staticmethod
@@ -395,28 +394,25 @@ def __init__(self, hash_alg):
             self.hash_alg = hash_alg
 
         def prepare_key(self, key):
-            if isinstance(key, EllipticCurvePrivateKey) or isinstance(
-                key, EllipticCurvePublicKey
-            ):
+            if isinstance(key, (EllipticCurvePrivateKey, EllipticCurvePublicKey)):
                 return key
 
-            if isinstance(key, (bytes, str)):
-                key = force_bytes(key)
-
-                # Attempt to load key. We don't know if it's
-                # a Signing Key or a Verifying Key, so we try
-                # the Verifying Key first.
-                try:
-                    if key.startswith(b"ecdsa-sha2-"):
-                        key = load_ssh_public_key(key)
-                    else:
-                        key = load_pem_public_key(key)
-                except ValueError:
-                    key = load_pem_private_key(key, password=None)
-
-            else:
+            if not isinstance(key, (bytes, str)):
                 raise TypeError("Expecting a PEM-formatted key.")
 
+            key = force_bytes(key)
+
+            # Attempt to load key. We don't know if it's
+            # a Signing Key or a Verifying Key, so we try
+            # the Verifying Key first.
+            try:
+                if key.startswith(b"ecdsa-sha2-"):
+                    key = load_ssh_public_key(key)
+                else:
+                    key = load_pem_public_key(key)
+            except ValueError:
+                key = load_pem_private_key(key, password=None)
+
             return key
 
         def sign(self, msg, key):

diff --git a/jwt/api_jws.py b/jwt/api_jws.py
@@ -90,9 +90,6 @@ def encode(
         if headers and "alg" in headers and headers["alg"]:
             algorithm = headers["alg"]
 
-        if algorithm not in self._valid_algs:
-            pass
-
         # Header
         header = {"typ": self.header_typ, "alg": algorithm}
 

diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
@@ -204,7 +204,7 @@ def _validate_aud(self, payload, audience):
         if isinstance(audience, str):
             audience = [audience]
 
-        if not any(aud in audience_claims for aud in audience):
+        if all(aud not in audience_claims for aud in audience):
             raise InvalidAudienceError("Invalid audience")
 
     def _validate_iss(self, payload, issuer):

diff --git a/jwt/jwks_client.py b/jwt/jwks_client.py
@@ -26,13 +26,13 @@ def get_jwk_set(self) -> PyJWKSet:
 
     def get_signing_keys(self) -> List[PyJWK]:
         jwk_set = self.get_jwk_set()
-        signing_keys = []
+        signing_keys = [
+            jwk_set_key
+            for jwk_set_key in jwk_set.keys
+            if jwk_set_key.public_key_use in ["sig", None] and jwk_set_key.key_id
+        ]
 
-        for jwk_set_key in jwk_set.keys:
-            if jwk_set_key.public_key_use in ["sig", None] and jwk_set_key.key_id:
-                signing_keys.append(jwk_set_key)
-
-        if len(signing_keys) == 0:
+        if not signing_keys:
             raise PyJWKClientError("The JWKS endpoint did not contain any signing keys")
 
         return signing_keys

diff --git a/jwt/utils.py b/jwt/utils.py
@@ -59,8 +59,7 @@ def from_base64url_uint(val: Union[str, bytes]) -> int:
 
 def number_to_bytes(num: int, num_bytes: int) -> bytes:
     padded_hex = "%0*x" % (2 * num_bytes, num)
-    big_endian = binascii.a2b_hex(padded_hex.encode("ascii"))
-    return big_endian
+    return binascii.a2b_hex(padded_hex.encode("ascii"))
 
 
 def bytes_to_number(string: bytes) -> int:
@@ -72,7 +71,7 @@ def bytes_from_int(val: int) -> bytes:
     byte_length = 0
 
     while remaining != 0:
-        remaining = remaining >> 8
+        remaining >>= 8
         byte_length += 1
 
     return val.to_bytes(byte_length, "big", signed=False)