[keycloak-user] Example for decoding JWT Token in Shell
Thomas Darimont
thomas.darimont at googlemail.com
Thu Sep 8 11:26:38 EDT 2016
... and here is a quick helper function for your shell:
#Keycloak
decode_jwt(){
echo -n $@ | cut -d "." -f 2 | base64 -d | jq .
}
alias jwtd=decode_jwt
$ jwtd $KC_ACCESS_TOKEN
{
"jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
"exp": 1473348085,
"nbf": 0,
"iat": 1473347785,
"iss": "http://localhost:8081/auth/realms/acme-test",
"aud": "app1",
"sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
"typ": "Bearer",
"azp": "app1",
"auth_time": 0,
"session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
"acr": "1",
"client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
"allowed-origins": [],
"resource_access": {
"app-js-demo-client": {
"roles": [
"user"
]
},
"account": {
"roles": [
"manage-account",
"view-profile"
]
}
},
"name": "Theo Tester",
"preferred_username": "tester",
"given_name": "Theo",
"family_name": "Tester",
"email": "tom+tester at localhost"
}
Cheers,
Thomas
2016-09-08 17:20 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com>:
> Hello group,
>
> just found an interesting example for decoding a JWT token in the shell.
> Perhaps some of you might find that handy... see below.
>
> Cheers,
> Thomas
>
> KC_REALM=acme-test
> KC_USERNAME=tester
> KC_PASSWORD=test
> KC_CLIENT=app1
> KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032
> KC_URL="http://localhost:8081/auth"
>
> # Request Tokens for credentials
> KC_RESPONSE=$( \
> curl -k -v \
> -d "username=$KC_USERNAME" \
> -d "password=$KC_PASSWORD" \
> -d 'grant_type=password' \
> -d "client_id=$KC_CLIENT" \
> -d "client_secret=$KC_CLIENT_SECRET" \
> "$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \
> | jq .
> )
>
> KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)
> KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)
> KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)
>
> # one-liner to decode access token
> echo -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .
>
> {
> "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
> "exp": 1473348085,
> "nbf": 0,
> "iat": 1473347785,
> "iss": "http://localhost:8081/auth/realms/acme-test",
> "aud": "app1",
> "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
> "typ": "Bearer",
> "azp": "app1",
> "auth_time": 0,
> "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
> "acr": "1",
> "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
> "allowed-origins": [],
> "resource_access": {
> "app-js-demo-client": {
> "roles": [
> "user"
> ]
> },
> "account": {
> "roles": [
> "manage-account",
> "view-profile"
> ]
> }
> },
> "name": "Theo Tester",
> "preferred_username": "tester",
> "given_name": "Theo",
> "family_name": "Tester",
> "email": "tom+tester at localhost"
> }
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160908/8da52cdd/attachment-0001.html
More information about the keycloak-user
mailing list