[keycloak-user] Example for decoding JWT Token in Shell

Stian Thorgersen sthorger at redhat.com
Fri Sep 9 02:50:48 EDT 2016


I think that'll only work most of the time, as tokens are base64 url
encoded, not plain base64 encoded. Most of the time it works with a standard
base64 decoder, but once in a while those special characters that base64
url strips out get in the way.

On 8 September 2016 at 17:26, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:

> ... and here is a quick helper function for your shell:
>
> #Keycloak
> decode_jwt(){
>   echo -n $@ | cut -d "." -f 2 | base64 -d | jq .
> }
> alias jwtd=decode_jwt
>
> $ jwtd $KC_ACCESS_TOKEN
> {
>   "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
>   "exp": 1473348085,
>   "nbf": 0,
>   "iat": 1473347785,
>   "iss": "http://localhost:8081/auth/realms/acme-test",
>   "aud": "app1",
>   "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
>   "typ": "Bearer",
>   "azp": "app1",
>   "auth_time": 0,
>   "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
>   "acr": "1",
>   "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
>   "allowed-origins": [],
>   "resource_access": {
>     "app-js-demo-client": {
>       "roles": [
>         "user"
>       ]
>     },
>     "account": {
>       "roles": [
>         "manage-account",
>         "view-profile"
>       ]
>     }
>   },
>   "name": "Theo Tester",
>   "preferred_username": "tester",
>   "given_name": "Theo",
>   "family_name": "Tester",
>   "email": "tom+tester at localhost"
> }
>
> Cheers,
> Thomas
>
> 2016-09-08 17:20 GMT+02:00 Thomas Darimont <thomas.darimont at googlemail.com
> >:
>
>> Hello group,
>>
>> just found an interesting example for decoding a JWT token in the shell.
>> Perhaps some of you might find that handy... see below.
>>
>> Cheers,
>> Thomas
>>
>> KC_REALM=acme-test
>> KC_USERNAME=tester
>> KC_PASSWORD=test
>> KC_CLIENT=app1
>> KC_CLIENT_SECRET=aa937217-a566-49e4-b46e-97866bad8032
>> KC_URL="http://localhost:8081/auth"
>>
>> # Request Tokens for credentials
>> KC_RESPONSE=$( \
>>    curl -k -v \
>>         -d "username=$KC_USERNAME" \
>>         -d "password=$KC_PASSWORD" \
>>         -d 'grant_type=password' \
>>         -d "client_id=$KC_CLIENT" \
>>         -d "client_secret=$KC_CLIENT_SECRET" \
>>         "$KC_URL/realms/$KC_REALM/protocol/openid-connect/token" \
>>     | jq .
>> )
>>
>> KC_ACCESS_TOKEN=$(echo "$KC_RESPONSE" | jq -r .access_token)
>> KC_ID_TOKEN=$(echo "$KC_RESPONSE" | jq -r .id_token)
>> KC_REFRESH_TOKEN=$(echo "$KC_RESPONSE" | jq -r .refresh_token)
>>
>> # one-liner to decode access token
>> echo -n $KC_ACCESS_TOKEN | cut -d "." -f 2 | base64 -d | jq .
>>
>> {
>>   "jti": "c5ed8525-f0c6-433f-9a88-ef92645582dd",
>>   "exp": 1473348085,
>>   "nbf": 0,
>>   "iat": 1473347785,
>>   "iss": "http://localhost:8081/auth/realms/acme-test",
>>   "aud": "app1",
>>   "sub": "c88e9053-89cf-4a4b-af09-c34d91d083af",
>>   "typ": "Bearer",
>>   "azp": "app1",
>>   "auth_time": 0,
>>   "session_state": "bfb1e6dd-b8c6-4379-bc47-e86c5396b06b",
>>   "acr": "1",
>>   "client_session": "db292d8b-263e-4030-9b93-a1d37e5ee5eb",
>>   "allowed-origins": [],
>>   "resource_access": {
>>     "app-js-demo-client": {
>>       "roles": [
>>         "user"
>>       ]
>>     },
>>     "account": {
>>       "roles": [
>>         "manage-account",
>>         "view-profile"
>>       ]
>>     }
>>   },
>>   "name": "Theo Tester",
>>   "preferred_username": "tester",
>>   "given_name": "Theo",
>>   "family_name": "Tester",
>>   "email": "tom+tester at localhost"
>> }
>>
>>
>
>
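
Added example (not code from either poster or from the Keycloak project): a decoder for the base64url case raised in the reply at the top of this message. It maps `-` and `_` back to `+` and `/` and restores the stripped `=` padding before calling `base64 -d`. The function names and the sample token are constructed for illustration, and GNU coreutils `base64` is assumed.

```shell
#!/bin/sh
# Constructed sample token (not from the thread): header {"alg":"RS256","typ":"JWT"},
# payload {"q":"???>>>"}, placeholder signature. The payload segment contains
# "_" and "-" and has lost its "=" padding, the case the reply warns about.
SAMPLE_JWT='eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJxIjoiPz8_Pj4-In0.c2ln'

# Decode one base64url string (RFC 4648 section 5) to stdout.
b64url_decode() (
  # Map the URL-safe alphabet back to the standard one.
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  # Restore the padding that base64url encoders strip.
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) echo "invalid base64url length" >&2; return 1 ;;
  esac
  printf '%s' "$seg" | base64 -d   # GNU coreutils base64 assumed
)

# Print the decoded header ($2 = 1) or payload ($2 = 2) of a compact JWT.
jwt_part() (
  case "$1" in
    *.*.*) ;;
    *) echo "not a three-part JWT" >&2; return 1 ;;
  esac
  b64url_decode "$(printf '%s' "$1" | cut -d . -f "$2")"
)

# Demo on the constructed token: prints the decoded payload.
jwt_part "$SAMPLE_JWT" 2; echo
```

Pipe the output through `jq .` for pretty-printing, as in the original one-liner. This only decodes a segment; it does not verify the token's signature.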