Hello group,

just found an interesting example for decoding a JWT token in the shell.

Perhaps some of you might find that handy... see below.

Cheers,

Thomas

KC_REALM=acme-test

KC_USERNAME=tester

KC_PASSWORD=test

KC_CLIENT=app1

KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032

KC_URL="http://localhost:8081/auth"

# Request Tokens for credentials

KC_RESPONSE=$( \

   curl -k -v \

        -d "username=$KC_USERNAME" \

        -d "password=$KC_PASSWORD" \

        -d 'grant_type=password' \

        -d "client_id=$KC_CLIENT" \

        -d "client_secret=$KC_CLIENT_SECRET" \

        "$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \

    | jq . 

)

KC_ACCESS_TOKEN=$(echo $KC_RESPONSE| jq -r .access_token)

KC_ID_TOKEN=$(echo $KC_RESPONSE| jq -r .id_token)

KC_REFRESH_TOKEN=$(echo $KC_RESPONSE| jq -r .refresh_token)

# one-liner to decode access token

echo -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .

{

  "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",

  "exp": 1473348085,

  "nbf": 0,

  "iat": 1473347785,

  "iss": "http://localhost:8081/auth/realms/acme-test",

  "aud": "app1",

  "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",

  "typ": "Bearer",

  "azp": "app1",

  "auth_time": 0,

  "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",

  "acr": "1",

  "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",

  "allowed-origins": [],

  "resource_access": {

    "app-js-demo-client": {

      "roles": [

        "user"

      ]

    },

    "account": {

      "roles": [

        "manage-account",

        "view-profile"

      ]

    }

  },

  "name": "Theo Tester",

  "preferred_username": "tester",

  "given_name": "Theo",

  "family_name": "Tester",

  "email": "tom+tester@localhost"

}