[keycloak-user] Example for decoding JWT Token in Shell

Thomas Darimont thomas.darimont at googlemail.com
Thu Sep 8 11:26:38 EDT 2016 

... and here is a quick helper function for your shell:

#Keycloak
decode_jwt(){
  echo -n $@ | cut -d "." -f 2 | base64 -d | jq .
}
alias jwtd=decode_jwt

$ jwtd $KC_ACCESS_TOKEN
{
  "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
  "exp": 1473348085,
  "nbf": 0,
  "iat": 1473347785,
  "iss": "http://localhost:8081/auth/realms/acme-test",
  "aud": "app1",
  "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
  "typ": "Bearer",
  "azp": "app1",
  "auth_time": 0,
  "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
  "acr": "1",
  "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
  "allowed-origins": [],
  "resource_access": {
    "app-js-demo-client": {
      "roles": [
        "user"
      ]
    },
    "account": {
      "roles": [
        "manage-account",
        "view-profile"
      ]
    }
  },
  "name": "Theo Tester",
  "preferred_username": "tester",
  "given_name": "Theo",
  "family_name": "Tester",
  "email": "tom+tester at localhost"
}

Cheers,
Thomas

2016-09-08 17:20 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:

> Hello group,
>
> just found an interesting example for decoding a JWT token in the shell.
> Perhaps some of you might find that handy... see below.
>
> Cheers,
> Thomas
>
> KC_REALM=acme-test
> KC_USERNAME=tester
> KC_PASSWORD=test
> KC_CLIENT=app1
> KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032
> KC_URL="http://localhost:8081/auth"
>
> # Request Tokens for credentials
> KC_RESPONSE=$( \
>    curl -k -v \
>         -d "username=$KC_USERNAME" \
>         -d "password=$KC_PASSWORD" \
>         -d 'grant_type=password' \
>         -d "client_id=$KC_CLIENT" \
>         -d "client_secret=$KC_CLIENT_SECRET" \
>         "$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \
>     | jq .
> )
>
> KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)
> KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)
> KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)
>
> # one-liner to decode access token
> echo -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .
>
> {
>   "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
>   "exp": 1473348085,
>   "nbf": 0,
>   "iat": 1473347785,
>   "iss": "http://localhost:8081/auth/realms/acme-test",
>   "aud": "app1",
>   "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
>   "typ": "Bearer",
>   "azp": "app1",
>   "auth_time": 0,
>   "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
>   "acr": "1",
>   "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
>   "allowed-origins": [],
>   "resource_access": {
>     "app-js-demo-client": {
>       "roles": [
>         "user"
>       ]
>     },
>     "account": {
>       "roles": [
>         "manage-account",
>         "view-profile"
>       ]
>     }
>   },
>   "name": "Theo Tester",
>   "preferred_username": "tester",
>   "given_name": "Theo",
>   "family_name": "Tester",
>   "email": "tom+tester at localhost"
> }
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160908/8da52cdd/attachment-0001.html

More information about the keycloak-user mailing list