Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

jwtgen

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jwtgen

JWT key generator

  • 2.2.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
673
increased by49.89%
Maintainers
1
Weekly downloads
 
Created
Source

Build Status npm version

jwtgen

Command line tool that generates JWT tokens that helps in the testing of applications.

Features

  • Signatures for HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 and RSA-SHA256
  • Issued at (iat) and expiry (exp) values can be configured as offsets
  • Claims can be encoded as JSON or as separate arguments

Installation

Install via npm.

npm install -g jwtgen

Getting Started

The following command will generate a JWT using HMAC-SHA256, a shared secret of my-secret, expires in 1 hour and contains user id of user123 as the iss value.

jwtgen -a HS256 -s "my-secret" -c "iss=user123" -e 3600

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1NTQwNSwiZXhwIjoxNDU3NTU5MDA1fQ.nixEkSKDkru92TBsxdzR8GLANIGQrkRa7E21
C-luNg

If the same command is run with the -v option, a more verbose output is displayed.

jwtgen -a HS256 -s "my-secret" -c "iss=user123" -e 3600 -v

algorithm: HS256

claims:
{
  "iss": "user1234",
  "iat": 1457555405,
  "exp": 1457559005
}

token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1NTQwNSwiZXhwIjoxNDU3NTU5MDA1fQ.nixEkSKDkru92TBsxdzR8GLANIGQrkRa7E21
C-luNg

Expired Tokens

Expired tokens can be generated by specifying an offset to the iat value. The following example issues the token 1 hour (3600 seconds) in the past and expires at the generated time.

jwtgen -a HS256 -s "my-secret" -c "iss=user1234" -i=-3600  -e 3600 -v
algorithm: HS256

claims:
{
  "iss": "user1234",
  "iat": 1457552128,
  "exp": 1457555728
}

token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTQ
1NzU1MjEyOCwiZXhwIjoxNDU3NTU1NzI4fQ.1SoNk-bCy8l3stfN8q4yrjBjbQkaRWP8AMyP
joDDeHE

Tokens Not Valid Yet

Tokens that are not yet valid can be generated by specifying the iat value directly as in the following example:

jwtgen -a HS256 -s "my-secret" -c "iss=user1234" -i=1557555728  -e 3600 -v
algorithm: HS256

claims:
{
  "iss": "user1234",
  "iat": 1557555728,
  "exp": 1557559328
}

token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzNCIsImlhdCI6MTU
1NzU1NTcyOCwiZXhwIjoxNTU3NTU5MzI4fQ.kFt-wgNGIQmB4z-G47yQqGfPPW1FSeyKTFdl
8h5elOQ

Usage

Running the --help command will display a list of options that can be used.

jwtgen --help

Usage: jwtgen [options]

Options:
  -a, --algorithm  algorithm
                        [required] [choices: "HS256", "HS384", "HS512", "RS256"]
  -s, --secret     secret value for HMAC algorithm                      [string]
  -p, --private    private key file (required for RS256 algorithm)      [string]
  -c, --claim      claim in the form [key=value]                        [string]
  --claims         JSON string containing claims                        [string]
  -h, --header     header in the form [key=value]                       [string]
  --headers        JSON string containing headers                       [string]
  -i, --iat        issued at (iat) in seconds from the UNIX epoch [default: now]
  -e, --exp        expiry date in seconds from issued at (iat) time
  -v, --verbose    verbose output                                      [boolean]
  --help           Show help                                           [boolean]

License

BSD-3-Clause

Copyright (c) 2016, Vandium Software Inc. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Vandium Software Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL VANDIUM SOFTWARE INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Keywords

FAQs

Package last updated on 14 Jun 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc