Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mattroberts297/jsonwebtokencli

A simple command line interface (CLI) for the jsonwebtoken (JWT) library
https://github.com/mattroberts297/jsonwebtokencli

cli jwt

Last synced: 10 days ago
JSON representation

A simple command line interface (CLI) for the jsonwebtoken (JWT) library

Host: GitHub
URL: https://github.com/mattroberts297/jsonwebtokencli
Owner: mattroberts297
License: mit
Created: 2017-04-05T06:25:52.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2022-12-22T10:37:03.000Z (almost 2 years ago)
Last Synced: 2024-10-16T05:31:57.130Z (22 days ago)
Topics: cli, jwt
Language: JavaScript
Size: 85 KB
Stars: 28
Watchers: 3
Forks: 4
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# JSON Web Token CLI

[![Build status](https://travis-ci.org/mattroberts297/jsonwebtokencli.svg?branch=master)](https://travis-ci.org/mattroberts297/jsonwebtokencli)
[![npm version](https://badge.fury.io/js/jsonwebtokencli.svg)](https://badge.fury.io/js/jsonwebtokencli)

A simple command line interface (CLI) for the `jsonwebtoken` (JWT) library that can encode and decode both HS256 and RS256 tokens.

## Installation

```bash
npm install --global jsonwebtokencli
```

## Show help

```bash
jwt
```

Returns:
```bash
jsonwebtokencli

A json web token command line interface

Options

-h, --help Display this help
-d, --decode Decode an encoded jwt token
-e, --encode Encode a decoded jwt token - requires secret or private key
-s, --secret string Used with decode and encode - when used with decode the jwt token is verified
--private-key-file string Used with encode - the key to sign a decoded jwt token with
--public-key-file string When used with decode the encoded jwt token is verified
-t, --timestamp Used with encode - whether or not to include iat
--algorithm string Used with encode - supported values include HS256, HS384 and RS256
--algorithms string[] Used with decode - requires secret or private key
--jwt string The jwt to decode or encode - falls back to stdin
```

## HS256 Examples

### Decode a HS256 token

```bash
jwt --decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
```

```json
{"sub":"1234567890","name":"John Doe","admin":true}
```

### Verify a HS256 token using secret

```bash
jwt --decode --secret secret eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
```

```json
{"sub":"1234567890","name":"John Doe","admin":true}
```

### Encode a HS256 token using secret

```bash
jwt --encode --secret secret '{"sub":"1234567890","name":"John Doe","admin":true}'
```

```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
```

## RS256 Examples

### Decode a RS256 token

```bash
jwt --decode 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.EkN-DOsnsuRjRO6BxXemmJDm3HbxrbRzXglbN2S4sOkopdU4IsDxTI8jO19W_A4K8ZPJijNLis4EZsHeY559a4DFOd50_OqgHGuERTqYZyuhtF39yxJPAjUESwxk2J5k_4zM3O-vtd1Ghyo4IbqKKSy6J9mTniYJPenn5-HIirE'
```

```json
{"sub":"1234567890","name":"John Doe","admin":true}
```

### Verify a RS256 token using public key

```bash
cat > public.key < private.key < /usr/local/lib/node_modules/jsonwebtokencli/main.js
```

Check it worked:

```bash
$ which jwt
/usr/local/bin/jwt
```

Unlink when finished:

```bash
$ npm unlink
```

## Known Issues

- There is little to no validation performed, so error messages leave a lot to be desired.