{"id":20660633,"url":"https://github.com/direct-actions/jwt","last_synced_at":"2026-06-22T06:31:27.357Z","repository":{"id":262906056,"uuid":"888727249","full_name":"direct-actions/jwt","owner":"direct-actions","description":"GitHub Action to Decode, Encode, Sign \u0026 Verify JSON Web Tokens (JWTs) with options including masking, JSON object dump \u0026 more.","archived":false,"fork":false,"pushed_at":"2024-11-19T21:03:59.000Z","size":23,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-05T18:06:44.093Z","etag":null,"topics":["action","jwt"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/json-web-token-jwt","language":"jq","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/direct-actions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-14T22:41:05.000Z","updated_at":"2024-11-19T21:04:00.000Z","dependencies_parsed_at":"2024-11-15T00:19:33.933Z","dependency_job_id":"33b730f6-5d33-44c0-bc10-61037e801412","html_url":"https://github.com/direct-actions/jwt","commit_stats":null,"previous_names":["direct-actions/jwt"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/direct-actions/jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-actions%2Fjwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-actions%2Fjwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-actions%2Fjwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-actions%2Fjwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/direct-actions","download_url":"https://codeload.github.com/direct-actions/jwt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/direct-actions%2Fjwt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34637937,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-22T02:00:06.391Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","jwt"],"created_at":"2024-11-16T19:05:37.161Z","updated_at":"2026-06-22T06:31:27.340Z","avatar_url":"https://github.com/direct-actions.png","language":"jq","funding_links":[],"categories":[],"sub_categories":[],"readme":"# jwt\nGitHub Action to Decode, Encode, Sign \u0026 Verify RFC-7519 compliant JSON Web\nTokens (JWTs) with options including masking, JSON object dump \u0026 more.\n\n# Usage\n## Decoding\nTo decode \u0026 verify an existing token, pass it via the `jwt` input parameter.\n```\n    - name: JSON Web Token (JWT)\n      uses: direct-actions/jwt@v1\n      with:\n        enable-display: true\n        jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\n```\nSetting `enable-display: true` will display a dump of the token fields, metadata,\nand status of verification.\n\n## Encoding\nTo encode a token, simply pass the payload in either YAML or JSON format - it\nwill be converted to compact/minify'd JSON before being encoded.\n```\n    - name: JSON Web Token (JWT)\n      id: jwt\n      uses: direct-actions/jwt@v1\n      with:\n        enable-display: true\n        payload: |\n          sub: '1234567890'\n          name: John Doe\n          iat: 1516239022\n        secret: 'your-256-bit-secret'\n```\nThe JWT is accessible via the `jwt` output (ex: `steps.jwt.outputs.jwt`).\n\n## Encoding with dynamic payload\nSince the payload is JSON, the [jq Direct action](https://github.com/direct-actions/jq)\nmakes for a very convenient way to build out a dynamic payload.\n```\n    - id: jq\n      uses: direct-actions/jq@v1\n      with:\n        input-command: uuidgen\n        filter: |\n          def now_plus_minutes($minutes):\n            now | round + (60 * $minutes)\n            ;\n          {\n            exp: now_plus_minutes(60 * 24 * 7),  # now + 1 week\n            iat: now_plus_minutes(0),            # now\n            jti: .,                              # use UUID generated by input-command\n            nbf: now_plus_minutes(60),           # now + 1 hour\n          }\n        raw-input: true\n\n    - name: JSON Web Token (JWT) - Encode custom token\n      uses: ./\n      with:\n        payload: ${{ steps.jq.outputs.output }}\n        secret: RaNDoM+S3cR3t\n```\n\n## Masking\nGitHub Actions seems to have hardcoded in masking of any string beginning with\nthe default/most common HS256 JWT header (`eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9`).\nTo dump a JWT to the Actions console, I simply base64 them,\n(`echo '${{ steps.jwt-encode.outputs.jwt }}' | openssl base64 -e -A`), or you\ncan override the default header and insert a bogus key/value at the beginning:\n```\n    header: |\n      abc: def\n      alg: ${ALGORITHM}\n      typ: JWT\n```\nTo force masking, use the `enable-mask-jwt: true` input.\n\n# Limitations / TODO\n- Currently, this action only supports the common HS256 symmetric key signing\n cipher. I would like to add public key signing, but there is no roadmap.\n- Even when `enable-mask-signature` is enabled, the Base64 (non-url-safe)\n version of the signature is not masked. This needs to be fixed.\n- Error out instead of failing on invalid input\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdirect-actions%2Fjwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdirect-actions%2Fjwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdirect-actions%2Fjwt/lists"}