[keycloak-user] Example for decoding JWT Token in Shell
Thomas Darimont
thomas.darimont at googlemail.com
Thu Sep 8 11:20:20 EDT 2016
Hello group,
just found an interesting example for decoding a JWT token in the shell.
Perhaps some of you might find that handy... see below.
Cheers,
Thomas
KC_REALM=acme-test
KC_USERNAME=tester
KC_PASSWORD=test
KC_CLIENT=app1
KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032
KC_URL="http://localhost:8081/auth"
# Request Tokens for credentials
KC_RESPONSE=$( \
curl -k -v \
-d "username=$KC_USERNAME" \
-d "password=$KC_PASSWORD" \
-d 'grant_type=password' \
-d "client_id=$KC_CLIENT" \
-d "client_secret=$KC_CLIENT_SECRET" \
"$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \
| jq .
)
KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)
KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)
KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)
# one-liner to decode access token
echo -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .
{
"jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
"exp": 1473348085,
"nbf": 0,
"iat": 1473347785,
"iss": "http://localhost:8081/auth/realms/acme-test",
"aud": "app1",
"sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
"typ": "Bearer",
"azp": "app1",
"auth_time": 0,
"session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
"acr": "1",
"client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
"allowed-origins": [],
"resource_access": {
"app-js-demo-client": {
"roles": [
"user"
]
},
"account": {
"roles": [
"manage-account",
"view-profile"
]
}
},
"name": "Theo Tester",
"preferred_username": "tester",
"given_name": "Theo",
"family_name": "Tester",
"email": "tom+tester at localhost"
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160908/2435eee6/attachment.html
More information about the keycloak-user
mailing list