jwt
Encode, decode, and sign JSON Web Tokens
TLDR
Decode a JWT
Decode a JWT as a JSON string
Encode a JSON string to a JWT
Encode key pair payload to JWT
SYNOPSIS
jwt encode | decode | verify [options]
PARAMETERS
encode
Encodes a JSON payload into a JWT.
decode
Decodes a JWT and prints its header and payload.
verify
Verifies the signature of a JWT.
-H, --header
Specifies the JWT header as a JSON string.
-P, --payload
Specifies the JWT payload as a JSON string.
-S, --secret
Specifies the secret key for HMAC algorithms.
-k, --key
Specifies the path to a private key file (PEM format).
-p, --pubkey
Specifies the path to a public key file (PEM format).
-a, --alg
Specifies the signing algorithm (e.g., HS256, RS256).
-i, --input
Read input from file.
-o, --output
Write output to file.
-f, --force
Overwrite output file if it exists.
-j, --json
Format output as JSON.
-h, --help
Displays help information.
-v, --version
Displays version information.
DESCRIPTION
The jwt command provides a way to encode, decode, and verify JSON Web Tokens (JWTs) directly from the Linux command line.
It's a valuable tool for developers and system administrators who work with JWT-based authentication and authorization mechanisms. The tool simplifies the process of inspecting JWT contents without relying on external libraries or web-based tools. You can use it to check headers, payloads, and signatures, as well as generate new tokens using secrets or public/private keys.
The jwt command supports various JWT algorithms (e.g., HS256, RS256) and can be integrated into shell scripts and automation workflows.
It eliminates the need to copy-paste JWTs into online decoders or write custom scripts for validation and inspection, enhancing productivity and security.
CAVEATS
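The security of a JWT depends on the secrecy of the HMAC secret or the protection of the private key.
Never expose these keys, and store them securely.
Always verify a JWT's signature before trusting its contents: a decoded header and payload are readable by anyone and prove nothing about authenticity.
Be aware of vulnerabilities such as algorithm confusion, where a verifier lets the token's own header choose the algorithm used to check the signature.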
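The following is an added example, not part of the original page or of the jwt tool's own code. It shows in Python what a verification step has to do to honor the caveats above: pin the expected algorithm instead of reading it from the token, and compare the HMAC in constant time. The function names and the sample tokens are constructed for illustration; the secret and payload are borrowed from the EXAMPLES section.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build a compact HMAC-SHA256 token (used here only to construct samples)."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    mac = hmac.new(secret, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the payload only if the header says HS256 and the HMAC matches."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        signature = b64url_decode(s64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # The header is untrusted input: it must match the algorithm the verifier
    # expects, never select the verification path.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))

def status(token: str, secret: bytes) -> str:
    """Return "ok" or the rejection reason, for use in scripts and logs."""
    try:
        verify_hs256(token, secret)
        return "ok"
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    # Constructed sample token using the header, payload and secret from EXAMPLES.
    sample = sign_hs256({"alg": "HS256", "typ": "JWT"},
                        {"sub": "user123", "name": "John Doe"}, b"secret")
    print(status(sample, b"secret"), "|", status(sample, b"wrong"))
```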
EXAMPLES
Encode a JWT with header and payload:
jwt encode -H '{"alg":"HS256", "typ":"JWT"}' -P '{"sub":"user123", "name":"John Doe"}' -S 'secret'
Decode a JWT:
jwt decode
Verify a JWT:
jwt verify
SEE ALSO
openssl(1)