jwtgen
Advanced tools
Changelog
2.2.0 (2017-06-14)
Readme
Command line tool that generates JWT tokens that helps in the testing of applications.
Install via npm.
npm install -g jwtgen
The following command will generate a JWT using HMAC-SHA256, a shared secret of my-secret, expires in 1 hour and contains user id of user123 as the iss value.
jwtgen -a HS256 -s "my-secret" -c "iss=user123" -e 3600
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1NTQwNSwiZXhwIjoxNDU3NTU5MDA1fQ.nixEkSKDkru92TBsxdzR8GLANIGQrkRa7E21
C-luNg
If the same command is run with the -v option, a more verbose output is displayed.
jwtgen -a HS256 -s "my-secret" -c "iss=user123" -e 3600 -v
algorithm: HS256
claims:
{
"iss": "user1234",
"iat": 1457555405,
"exp": 1457559005
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1NTQwNSwiZXhwIjoxNDU3NTU5MDA1fQ.nixEkSKDkru92TBsxdzR8GLANIGQrkRa7E21
C-luNg
Expired tokens can be generated by specifying an offset to the iat value. The following example issues the token 1 hour (3600 seconds) in the past and expires at the generated time.
jwtgen -a HS256 -s "my-secret" -c "iss=user1234" -i=-3600 -e 3600 -v
algorithm: HS256
claims:
{
"iss": "user1234",
"iat": 1457552128,
"exp": 1457555728
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1MjEyOCwiZXhwIjoxNDU3NTU1NzI4fQ.1SoNk-bCy8l3stfN8q4yrjBjbQkaRWP8AMyP
joDDeHE
Tokens that are not yet valid can be generated by specifying the iat value directly as in the following example:
jwtgen -a HS256 -s "my-secret" -c "iss=user1234" -i=1557555728 -e 3600 -v
algorithm: HS256
claims:
{
"iss": "user1234",
"iat": 1557555728,
"exp": 1557559328
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTU
1NzU1NTcyOCwiZXhwIjoxNTU3NTU5MzI4fQ.kFt-wgNGIQmB4z-G47yQqGfPPW1FSeyKTFdl
8h5elOQ
Running the --help command will display a list of options that can be used.
jwtgen --help
Usage: jwtgen [options]
Options:
-a, --algorithm algorithm
[required] [choices: "HS256", "HS384", "HS512", "RS256"]
-s, --secret secret value for HMAC algorithm [string]
-p, --private private key file (required for RS256 algorithm) [string]
-c, --claim claim in the form [key=value] [string]
--claims JSON string containing claims [string]
-h, --header header in the form [key=value] [string]
--headers JSON string containing headers [string]
-i, --iat issued at (iat) in seconds from the UNIX epoch [default: now]
-e, --exp expiry date in seconds from issued at (iat) time
-v, --verbose verbose output [boolean]
--help Show help [boolean]
Copyright (c) 2016, Vandium Software Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Vandium Software Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL VANDIUM SOFTWARE INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
JWT key generator
We found that jwtgen demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.