jwtgen
Command line tool that generates JWT tokens that helps in the testing of applications.
Features
- Signatures for HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 and RSA-SHA256
- Issued at (iat) and expiry (exp) values can be configured as offsets
- Claims can be encoded as JSON or as separate arguments
Installation
Install via npm.
npm install -g jwtgen
Getting Started
The following command will generate a JWT using HMAC-SHA256, a shared secret of my-secret
, expires in 1 hour and contains user id of user123
as the iss
value.
jwtgen -a HS256 -s "my-secret" -c "iss=user123" -e 3600
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1NTQwNSwiZXhwIjoxNDU3NTU5MDA1fQ.nixEkSKDkru92TBsxdzR8GLANIGQrkRa7E21
C-luNg
If the same command is run with the -v
option, a more verbose output is displayed.
jwtgen -a HS256 -s "my-secret" -c "iss=user123" -e 3600 -v
algorithm: HS256
claims:
{
"iss": "user1234",
"iat": 1457555405,
"exp": 1457559005
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1NTQwNSwiZXhwIjoxNDU3NTU5MDA1fQ.nixEkSKDkru92TBsxdzR8GLANIGQrkRa7E21
C-luNg
Expired Tokens
Expired tokens can be generated by specifying an offset to the iat
value. The following example issues the token 1 hour (3600 seconds) in the past and expires at the generated time.
jwtgen -a HS256 -s "my-secret" -c "iss=user1234" -i=-3600 -e 3600 -v
algorithm: HS256
claims:
{
"iss": "user1234",
"iat": 1457552128,
"exp": 1457555728
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1MjEyOCwiZXhwIjoxNDU3NTU1NzI4fQ.1SoNk-bCy8l3stfN8q4yrjBjbQkaRWP8AMyP
joDDeHE
Tokens Not Valid Yet
Tokens that are not yet valid can be generated by specifying the iat
value directly as in the following example:
jwtgen -a HS256 -s "my-secret" -c "iss=user1234" -i=1557555728 -e 3600 -v
algorithm: HS256
claims:
{
"iss": "user1234",
"iat": 1557555728,
"exp": 1557559328
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTU
1NzU1NTcyOCwiZXhwIjoxNTU3NTU5MzI4fQ.kFt-wgNGIQmB4z-G47yQqGfPPW1FSeyKTFdl
8h5elOQ
Usage
Running the --help
command will display a list of options that can be used.
jwtgen --help
Usage: jwtgen [options]
Options:
-a, --algorithm algorithm
[required] [choices: "HS256", "HS384", "HS512", "RS256"]
-s, --secret secret value for HMAC algorithm [string]
-p, --private private key file (required for RS256 algorithm) [string]
-c, --claim claim in the form [key=value] [string]
--claims JSON string containing claims [string]
-h, --header header in the form [key=value] [string]
--headers JSON string containing headers [string]
-i, --iat issued at (iat) in seconds from the UNIX epoch [default: now]
-e, --exp expiry date in seconds from issued at (iat) time
-v, --verbose verbose output [boolean]
--help Show help [boolean]
License
Copyright (c) 2016, Vandium Software Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Vandium Software Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL VANDIUM SOFTWARE INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.