<div dir="ltr"><div>... and here is a quick helper function for your shell:</div><div><br></div><div>#Keycloak</div><div>decode_jwt(){</div><div>  echo -n $@ | cut -d &quot;.&quot; -f 2 | base64 -d | jq .</div><div>}</div><div>alias jwtd=decode_jwt</div><div><br></div><div><div>$ jwtd $KC_ACCESS_TOKEN</div><div>{</div><div>  &quot;jti&quot;: &quot;c5ed8525-f0c6-433f-9a88-ef92645582dd&quot;,</div><div>  &quot;exp&quot;: 1473348085,</div><div>  &quot;nbf&quot;: 0,</div><div>  &quot;iat&quot;: 1473347785,</div><div>  &quot;iss&quot;: &quot;<a href="http://localhost:8081/auth/realms/acme-test">http://localhost:8081/auth/realms/acme-test</a>&quot;,</div><div>  &quot;aud&quot;: &quot;app1&quot;,</div><div>  &quot;sub&quot;: &quot;c88e9053-89cf-4a4b-af09-c34d91d083af&quot;,</div><div>  &quot;typ&quot;: &quot;Bearer&quot;,</div><div>  &quot;azp&quot;: &quot;app1&quot;,</div><div>  &quot;auth_time&quot;: 0,</div><div>  &quot;session_state&quot;: &quot;bfb1e6dd-b8c6-4379-bc47-e86c5396b06b&quot;,</div><div>  &quot;acr&quot;: &quot;1&quot;,</div><div>  &quot;client_session&quot;: &quot;db292d8b-263e-4030-9b93-a1d37e5ee5eb&quot;,</div><div>  &quot;allowed-origins&quot;: [],</div><div>  &quot;resource_access&quot;: {</div><div>    &quot;app-js-demo-client&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;user&quot;</div><div>      ]</div><div>    },</div><div>    &quot;account&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;manage-account&quot;,</div><div>        &quot;view-profile&quot;</div><div>      ]</div><div>    }</div><div>  },</div><div>  &quot;name&quot;: &quot;Theo Tester&quot;,</div><div>  &quot;preferred_username&quot;: &quot;tester&quot;,</div><div>  &quot;given_name&quot;: &quot;Theo&quot;,</div><div>  &quot;family_name&quot;: &quot;Tester&quot;,</div><div>  &quot;email&quot;: &quot;tom+tester@localhost&quot;</div><div>}</div></div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-08 17:20 GMT+02:00 Thomas Darimont <span dir="ltr">&lt;<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hello group,</div><div><br></div><div>just found an interesting example for decoding a JWT token in the shell.</div><div>Perhaps some of you might find that handy... see below.</div><div><br></div><div>Cheers,</div><div>Thomas</div><div><br></div><div>KC_REALM=acme-test</div><div>KC_USERNAME=tester</div><div>KC_PASSWORD=test</div><div>KC_CLIENT=app1</div><div>KC_CLIENT_SECRET=aa937217-<wbr>a566-49e4-b46e-97866bad8032</div><div>KC_URL=&quot;<a href="http://localhost:8081/auth" target="_blank">http://localhost:8081/<wbr>auth</a>&quot;</div><div><br></div><div># Request Tokens for credentials</div><div>KC_RESPONSE=$( \</div><div>   curl -k -v \</div><div>        -d &quot;username=$KC_USERNAME&quot; \</div><div>        -d &quot;password=$KC_PASSWORD&quot; \</div><div>        -d &#39;grant_type=password&#39; \</div><div>        -d &quot;client_id=$KC_CLIENT&quot; \</div><div>        -d &quot;client_secret=$KC_CLIENT_<wbr>SECRET&quot; \</div><div>        &quot;$KC_URL/realms/$KC_REALM/<wbr>protocol/openid-connect/token&quot; \</div><div>    | jq . </div><div>)</div><div><br></div><div>KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)</div><div>KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)</div><div>KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)</div><div><br></div><div># one-liner to decode access token</div><div>echo -n $KC_ACCESS_TOKEN | cut -d &quot;.&quot; -f 2 | base64 -d | jq .</div><div><br></div><div>{</div><div>  &quot;jti&quot;: &quot;c5ed8525-f0c6-433f-9a88-<wbr>ef92645582dd&quot;,</div><div>  &quot;exp&quot;: 1473348085,</div><div>  &quot;nbf&quot;: 0,</div><div>  &quot;iat&quot;: 1473347785,</div><div>  &quot;iss&quot;: &quot;<a href="http://localhost:8081/auth/realms/acme-test" target="_blank">http://localhost:8081/auth/<wbr>realms/acme-test</a>&quot;,</div><div>  &quot;aud&quot;: &quot;app1&quot;,</div><div>  &quot;sub&quot;: &quot;c88e9053-89cf-4a4b-af09-<wbr>c34d91d083af&quot;,</div><div>  &quot;typ&quot;: &quot;Bearer&quot;,</div><div>  &quot;azp&quot;: &quot;app1&quot;,</div><div>  &quot;auth_time&quot;: 0,</div><div>  &quot;session_state&quot;: &quot;bfb1e6dd-b8c6-4379-bc47-<wbr>e86c5396b06b&quot;,</div><div>  &quot;acr&quot;: &quot;1&quot;,</div><div>  &quot;client_session&quot;: &quot;db292d8b-263e-4030-9b93-<wbr>a1d37e5ee5eb&quot;,</div><div>  &quot;allowed-origins&quot;: [],</div><div>  &quot;resource_access&quot;: {</div><div>    &quot;app-js-demo-client&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;user&quot;</div><div>      ]</div><div>    },</div><div>    &quot;account&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;manage-account&quot;,</div><div>        &quot;view-profile&quot;</div><div>      ]</div><div>    }</div><div>  },</div><div>  &quot;name&quot;: &quot;Theo Tester&quot;,</div><div>  &quot;preferred_username&quot;: &quot;tester&quot;,</div><div>  &quot;given_name&quot;: &quot;Theo&quot;,</div><div>  &quot;family_name&quot;: &quot;Tester&quot;,</div><div>  &quot;email&quot;: &quot;tom+tester@localhost&quot;</div><div>}</div><div><br></div></div>
</blockquote></div><br></div>