Hello Stian,you are right, some tokens might not be decoded correctly...The following works for me now:decode_base64_url() {local len=$((${#1} % 4))local result="$1"if [ $len -eq 2 ]; then result="$1"'=='elif [ $len -eq 3 ]; then result="$1"'='fiecho "$result" | tr '_-' '/+' | openssl enc -d -base64}decode_jwt(){decode_base64_url $(echo -n $2 | cut -d "." -f $1) | jq .}# Decode JWT headeralias jwth="decode_jwt 1"# Decode JWT Payloadalias jwtp="decode_jwt 2"Took the decode_base64_url function from https://github.com/Moodstocks/moodstocks-api-clients/blob/master/bash/base64url.shCheers,Thomas_______________________________________________2016-09-09 8:50 GMT+02:00 Stian Thorgersen <sthorger@redhat.com>:I think that'll only work most of the time as tokens are base64 url encoded, not plain base64 encoded. Most of the time it works with standard base64 decoder, but once in a while those special characters that base64 url strips out gets in the way.On 8 September 2016 at 17:26, Thomas Darimont <thomas.darimont@googlemail.com> wrote:_______________________________________________... and here is a quick helper function for your shell:#Keycloakdecode_jwt(){echo -n $@ | cut -d "." -f 2 | base64 -d | jq .}alias jwtd=decode_jwt$ jwtd $KC_ACCESS_TOKEN{"jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd","exp": 1473348085,"nbf": 0,"iat": 1473347785,"aud": "app1","sub": "c88e9053-89cf-4a4b-af09-c34d91d083af","typ": "Bearer","azp": "app1","auth_time": 0,"session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b","acr": "1","client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb","allowed-origins": [],"resource_access": {"app-js-demo-client": {"roles": ["user"]},"account": {"roles": ["manage-account","view-profile"]}},"name": "Theo Tester","preferred_username": "tester","given_name": "Theo","family_name": "Tester","email": "tom+tester@localhost"}Cheers,Thomas2016-09-08 17:20 GMT+02:00 Thomas Darimont <thomas.darimont@googlemail.com>:Hello group,just found an interesting example for decoding a JWT token in the shell.Perhaps some of you might find that handy... see below.Cheers,ThomasKC_REALM=acme-testKC_USERNAME=testerKC_PASSWORD=testKC_CLIENT=app1KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032KC_URL="http://localhost:8081/auth"# Request Tokens for credentialsKC_RESPONSE=$( \curl -k -v \-d "username=$KC_USERNAME" \-d "password=$KC_PASSWORD" \-d 'grant_type=password' \-d "client_id=$KC_CLIENT" \-d "client_secret=$KC_CLIENT_SECRET" \"$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \| jq .)KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)# one-liner to decode access tokenecho -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .{"jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd","exp": 1473348085,"nbf": 0,"iat": 1473347785,"aud": "app1","sub": "c88e9053-89cf-4a4b-af09-c34d91d083af","typ": "Bearer","azp": "app1","auth_time": 0,"session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b","acr": "1","client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb","allowed-origins": [],"resource_access": {"app-js-demo-client": {"roles": ["user"]},"account": {"roles": ["manage-account","view-profile"]}},"name": "Theo Tester","preferred_username": "tester","given_name": "Theo","family_name": "Tester","email": "tom+tester@localhost"}
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user