Re: [keycloak-user] Example for decoding JWT Token in Shell

Friday, 9 September 2016

I think that'll only work most of the time as tokens are base64 url
encoded, not plain base64 encoded. Most of the time it works with standard
base64 decoder, but once in a while those special characters that base64
url strips out gets in the way.

On 8 September 2016 at 17:26, Thomas Darimont <
thomas.darimont(a)googlemail.com&gt; wrote:

...
 ... and here is a quick helper function for your shell:

 #Keycloak
 decode_jwt(){
   echo -n $@ | cut -d "." -f 2 | base64 -d | jq .
 }
 alias jwtd=decode_jwt

 $ jwtd $KC_ACCESS_TOKEN
 {
   "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
   "exp": 1473348085,
   "nbf": 0,
   "iat": 1473347785,
   "iss": "http://localhost:8081/auth/realms/acme-test",
   "aud": "app1",
   "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
   "typ": "Bearer",
   "azp": "app1",
   "auth_time": 0,
   "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
   "acr": "1",
   "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
   "allowed-origins": [],
   "resource_access": {
     "app-js-demo-client": {
       "roles": [
         "user"
       ]
     },
     "account": {
       "roles": [
         "manage-account",
         "view-profile"
       ]
     }
   },
   "name": "Theo Tester",
   "preferred_username": "tester",
   "given_name": "Theo",
   "family_name": "Tester",
   "email": "tom+tester@localhost"
 }

 Cheers,
 Thomas

 2016-09-08 17:20 GMT+02:00 Thomas Darimont <thomas.darimont(a)googlemail.com
 >:

> Hello group,
>
> just found an interesting example for decoding a JWT token in the shell.
> Perhaps some of you might find that handy... see below.
>
> Cheers,
> Thomas
>
> KC_REALM=acme-test
> KC_USERNAME=tester
> KC_PASSWORD=test
> KC_CLIENT=app1
> KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032
> KC_URL="http://localhost:8081/auth"
>
> # Request Tokens for credentials
> KC_RESPONSE=$( \
>    curl -k -v \
>         -d "username=$KC_USERNAME" \
>         -d "password=$KC_PASSWORD" \
>         -d 'grant_type=password' \
>         -d "client_id=$KC_CLIENT" \
>         -d "client_secret=$KC_CLIENT_SECRET" \
>         "$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \
>     | jq .
> )
>
> KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)
> KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)
> KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)
>
> # one-liner to decode access token
> echo -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .
>
> {
>   "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
>   "exp": 1473348085,
>   "nbf": 0,
>   "iat": 1473347785,
>   "iss": "http://localhost:8081/auth/realms/acme-test",
>   "aud": "app1",
>   "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
>   "typ": "Bearer",
>   "azp": "app1",
>   "auth_time": 0,
>   "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
>   "acr": "1",
>   "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
>   "allowed-origins": [],
>   "resource_access": {
>     "app-js-demo-client": {
>       "roles": [
>         "user"
>       ]
>     },
>     "account": {
>       "roles": [
>         "manage-account",
>         "view-profile"
>       ]
>     }
>   },
>   "name": "Theo Tester",
>   "preferred_username": "tester",
>   "given_name": "Theo",
>   "family_name": "Tester",
>   "email": "tom+tester@localhost"
> }
>
>

 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Example for decoding JWT Token in Shell