<div dir="ltr">A colleague wrote this when we were testing Keycloak.<div>Hope this helps: <a href="https://gist.github.com/rolandyoung/176dd310a6948e094be6">https://gist.github.com/rolandyoung/176dd310a6948e094be6</a></div><div><br></div><div>Chris</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 9, 2016 at 9:47 AM Thomas Darimont &lt;<a href="mailto:thomas.darimont@googlemail.com">thomas.darimont@googlemail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hello Stian,</div><div><br></div>you are right, some tokens might not be decoded correctly...<div><br></div><div>The following works for me now:</div><div><br></div><div><div>decode_base64_url() {</div><div>  local len=$((${#1} % 4))</div><div>  local result=&quot;$1&quot;</div><div>  if [ $len -eq 2 ]; then result=&quot;$1&quot;&#39;==&#39;</div><div>  elif [ $len -eq 3 ]; then result=&quot;$1&quot;&#39;=&#39; </div><div>  fi</div><div>  echo &quot;$result&quot; | tr &#39;_-&#39; &#39;/+&#39; | openssl enc -d -base64</div><div>}</div><div><br></div><div>decode_jwt(){</div><div>   decode_base64_url $(echo -n $2 | cut -d &quot;.&quot; -f $1) | jq .</div><div>}</div><div><br></div><div># Decode JWT header</div><div>alias jwth=&quot;decode_jwt 1&quot;</div><div><br></div><div># Decode JWT Payload</div><div>alias jwtp=&quot;decode_jwt 2&quot;</div></div><div><div><br></div><div>Took the decode_base64_url function from <a href="https://github.com/Moodstocks/moodstocks-api-clients/blob/master/bash/base64url.sh" target="_blank">https://github.com/Moodstocks/moodstocks-api-clients/blob/master/bash/base64url.sh</a></div><div><br></div><div>Cheers,</div><div>Thomas</div></div></div><div dir="ltr"><div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-09 8:50 GMT+02:00 Stian Thorgersen <span dir="ltr">&lt;<a href="mailto:sthorger@redhat.com" 
target="_blank">sthorger@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I think that&#39;ll only work most of the time as tokens are base64 url encoded, not plain <span style="font-size:12.8px">base64 encoded. Most of the time it works with standard base64 decoder, but once in a while those special characters that base64 url strips out get in the way.</span></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 8 September 2016 at 17:26, Thomas Darimont <span dir="ltr">&lt;<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div dir="ltr"><div>... and here is a quick helper function for your shell:</div><div><br></div><div>#Keycloak</div><div>decode_jwt(){</div><div>  echo -n $@ | cut -d &quot;.&quot; -f 2 | base64 -d | jq .</div><div>}</div><div>alias jwtd=decode_jwt</div><div><br></div><div><div>$ jwtd $KC_ACCESS_TOKEN</div><div><div><div>{</div><div>  &quot;jti&quot;: &quot;c5ed8525-f0c6-433f-9a88-ef92645582dd&quot;,</div><div>  &quot;exp&quot;: 1473348085,</div><div>  &quot;nbf&quot;: 0,</div><div>  &quot;iat&quot;: 1473347785,</div><div>  &quot;iss&quot;: &quot;<a href="http://localhost:8081/auth/realms/acme-test" target="_blank">http://localhost:8081/auth/realms/acme-test</a>&quot;,</div><div>  &quot;aud&quot;: &quot;app1&quot;,</div><div>  &quot;sub&quot;: &quot;c88e9053-89cf-4a4b-af09-c34d91d083af&quot;,</div><div>  &quot;typ&quot;: &quot;Bearer&quot;,</div><div>  &quot;azp&quot;: &quot;app1&quot;,</div><div>  &quot;auth_time&quot;: 0,</div><div>  &quot;session_state&quot;: &quot;bfb1e6dd-b8c6-4379-bc47-e86c5396b06b&quot;,</div><div>  &quot;acr&quot;: &quot;1&quot;,</div><div>  &quot;client_session&quot;: 
&quot;db292d8b-263e-4030-9b93-a1d37e5ee5eb&quot;,</div><div>  &quot;allowed-origins&quot;: [],</div><div>  &quot;resource_access&quot;: {</div><div>    &quot;app-js-demo-client&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;user&quot;</div><div>      ]</div><div>    },</div><div>    &quot;account&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;manage-account&quot;,</div><div>        &quot;view-profile&quot;</div><div>      ]</div><div>    }</div><div>  },</div><div>  &quot;name&quot;: &quot;Theo Tester&quot;,</div><div>  &quot;preferred_username&quot;: &quot;tester&quot;,</div><div>  &quot;given_name&quot;: &quot;Theo&quot;,</div><div>  &quot;family_name&quot;: &quot;Tester&quot;,</div><div>  &quot;email&quot;: &quot;tom+tester@localhost&quot;</div><div>}</div></div></div></div><div><br></div><div>Cheers,</div><div>Thomas</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-09-08 17:20 GMT+02:00 Thomas Darimont <span dir="ltr">&lt;<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hello group,</div><div><br></div><div>just found an interesting example for decoding a JWT token in the shell.</div><div>Perhaps some of you might find that handy... 
see below.</div><div><br></div><div>Cheers,</div><div>Thomas</div><div><br></div><div>KC_REALM=acme-test</div><div>KC_USERNAME=tester</div><div>KC_PASSWORD=test</div><div>KC_CLIENT=app1</div><div>KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032</div><div>KC_URL=&quot;<a href="http://localhost:8081/auth" target="_blank">http://localhost:8081/auth</a>&quot;</div><div><br></div><div># Request Tokens for credentials</div><div>KC_RESPONSE=$( \</div><div>   curl -k -v \</div><div>        -d &quot;username=$KC_USERNAME&quot; \</div><div>        -d &quot;password=$KC_PASSWORD&quot; \</div><div>        -d &#39;grant_type=password&#39; \</div><div>        -d &quot;client_id=$KC_CLIENT&quot; \</div><div>        -d &quot;client_secret=$KC_CLIENT_SECRET&quot; \</div><div>        &quot;$KC_URL/realms/$KC_REALM/protocol/openid-connect/token&quot; \</div><div>    | jq . </div><div>)</div><div><br></div><div>KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)</div><div>KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)</div><div>KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)</div><div><br></div><div># one-liner to decode access token</div><div>echo -n $KC_ACCESS_TOKEN | cut -d &quot;.&quot; -f 2 | base64 -d | jq .</div><div><br></div><div>{</div><div>  &quot;jti&quot;: &quot;c5ed8525-f0c6-433f-9a88-ef92645582dd&quot;,</div><div>  &quot;exp&quot;: 1473348085,</div><div>  &quot;nbf&quot;: 0,</div><div>  &quot;iat&quot;: 1473347785,</div><div>  &quot;iss&quot;: &quot;<a href="http://localhost:8081/auth/realms/acme-test" target="_blank">http://localhost:8081/auth/realms/acme-test</a>&quot;,</div><div>  &quot;aud&quot;: &quot;app1&quot;,</div><div>  &quot;sub&quot;: &quot;c88e9053-89cf-4a4b-af09-c34d91d083af&quot;,</div><div>  &quot;typ&quot;: &quot;Bearer&quot;,</div><div>  &quot;azp&quot;: &quot;app1&quot;,</div><div>  &quot;auth_time&quot;: 0,</div><div>  &quot;session_state&quot;: &quot;bfb1e6dd-b8c6-4379-bc47-e86c5396b06b&quot;,</div><div>  &quot;acr&quot;: 
&quot;1&quot;,</div><div>  &quot;client_session&quot;: &quot;db292d8b-263e-4030-9b93-a1d37e5ee5eb&quot;,</div><div>  &quot;allowed-origins&quot;: [],</div><div>  &quot;resource_access&quot;: {</div><div>    &quot;app-js-demo-client&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;user&quot;</div><div>      ]</div><div>    },</div><div>    &quot;account&quot;: {</div><div>      &quot;roles&quot;: [</div><div>        &quot;manage-account&quot;,</div><div>        &quot;view-profile&quot;</div><div>      ]</div><div>    }</div><div>  },</div><div>  &quot;name&quot;: &quot;Theo Tester&quot;,</div><div>  &quot;preferred_username&quot;: &quot;tester&quot;,</div><div>  &quot;given_name&quot;: &quot;Theo&quot;,</div><div>  &quot;family_name&quot;: &quot;Tester&quot;,</div><div>  &quot;email&quot;: &quot;tom+tester@localhost&quot;</div><div>}</div><div><br></div></div>
</blockquote></div><br></div>
</div></div><br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</blockquote></div><br></div></div></div>
</blockquote></div>
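<div>Added example, not part of the thread and not the posters' code: the base64url point raised above (URL-safe alphabet plus stripped padding), shown on a constructed token whose payload segment defeats a plain <code>base64 -d</code>. The names <code>SAMPLE_JWT</code>, <code>naive_decode</code>, <code>b64url_decode</code> and <code>jwt_part</code> are hypothetical, and the functions only decode for inspection; the signature segment is not verified.</div>

```bash
#!/usr/bin/env bash
# Added example (not from the thread): inspect JWT segments with strict
# base64url handling. Decoding only; the signature is NOT verified here.

# Constructed sample token: header.payload.signature-placeholder.
# The payload segment contains '_' and '-' and is 19 chars long, so it
# needs both alphabet translation and one '=' of padding.
SAMPLE_JWT='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhYiI6Ing_MTI-In0.c2ln'

# What the first one-liner in the thread does: standard base64, no fix-ups.
naive_decode() {
  printf '%s' "$1" | base64 -d 2>/dev/null
}

# Decode one base64url segment (RFC 4648 section 5, padding stripped).
b64url_decode() {
  local seg="$1"
  # Reject empty input and anything outside the base64url alphabet.
  case "$seg" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  # Restore the padding that JWT serialization strips.
  case $(( ${#seg} % 4 )) in
    0) ;;
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
    *) return 1 ;;   # remainder 1 can never be valid base64
  esac
  printf '%s' "$seg" | tr '_-' '/+' | base64 -d
}

# jwt_part IDX TOKEN: print the decoded header (IDX=1) or payload (IDX=2).
jwt_part() {
  local idx="$1" token="$2"
  case "$idx" in 1|2) ;; *) return 2 ;; esac
  # A compact JWS has exactly three dot-separated segments.
  case "$token" in
    *.*.*.*) return 1 ;;
    *.*.*)   ;;
    *)       return 1 ;;
  esac
  b64url_decode "$(printf '%s' "$token" | cut -d. -f"$idx")"
}
```

<div>Pipe the output of <code>jwt_part 2 "$KC_ACCESS_TOKEN"</code> into <code>jq .</code> to get the pretty-printed claims shown in the thread.</div>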