JWT
takeshix edited this page Nov 13, 2018 · 1 revision
The JWT plugin is available in the GUI and CLI. deen uses the python-jose module and supports all algorithms provided by the module. The default algorithm is HS256.
With an empty secret:
$ deen jwt '{"user":"admin","superuser":true}'
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJzdXBlcnVzZXIiOnRydWV9.quAk3vMyVLYwseVdbUJ9L28rvkd1JkM2apjD9JpA9zY
With a user-defined password:
$ deen jwt '{"user":"admin","superuser":true}' -s supersecret
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJzdXBlcnVzZXIiOnRydWV9.2FHH1TXc4tDqQ3TqSZZNdaeIeCD-Wh8xwvctEuQyBvs
Create a JWT token with an asymmetric RS256 signature:
$ deen jwt '{"user":"admin","superuser":true}' -m RS256 -k /tmp/pki/server.key
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJzdXBlcnVzZXIiOnRydWV9.wbMUK-2Cl4Fmzzjfgv55Bz7k8vwa818RG_iadiPJE-r0MHc_TzbWTn1UGriVMvKQIidiW954AoJlTtBywqG7AsfcZNAFxmaBwRyI-igCkonnuhbfHx6z9rsG1XE92tKT1BAQmcs1u-UiJ7a3T-Qr8fkHk7nR4-9FTCdlA2PaBKIKdYLwtDoGVrXRPIWgGewAYQrOGbuj0DvzG6caT8p_PTJSjCigeCuCGuZbkaWOWitMm3p_1ErIXznpB8msRmXbm34WjuOTavBUs8-peYxAE5QR0w-TRoR_q3MIw_73sW-CfTPmh3tGiI1ljXGnxiOQvYkXXtxonqkWFuTwGnIafg
Decode with an empty secret:
$ deen jwt '{"user":"admin","superuser":true}' | deen jwt -r
{"typ":"JWT","alg":"HS256"}.{"user": "admin", "superuser": true}
Provide JWT token on command line:
$ deen jwt -r eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJzdXBlcnVzZXIiOnRydWV9.quAk3vMyVLYwseVdbUJ9L28rvkd1JkM2apjD9JpA9zY
{"typ":"JWT","alg":"HS256"}.{"user": "admin", "superuser": true}
The following three commands show how signature verification works:
$ deen jwt '{"user":"admin","superuser":true}' | deen jwt -r -v
{"typ":"JWT","alg":"HS256"}.{"user": "admin", "superuser": true}
Signature valid: True
$ deen jwt '{"user":"admin","superuser":true}' -s supersecret | deen jwt -r -v
Signature valid: False
$ deen jwt '{"user":"admin","superuser":true}' -s supersecret | deen jwt -r -v -s supersecret
{"typ":"JWT","alg":"HS256"}.{"user": "admin", "superuser": true}
Signature valid: True
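How an HS256 check like the one in the three commands above works in general, as an added Python example built on the standard library only (it is not deen's or python-jose's code, and all function names are assumptions made for this illustration). It shows that the claims can be read without the secret, while verification recomputes the HMAC over `header.payload` and pins the algorithm instead of trusting the token's header.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: str = "") -> str:
    """Build header.payload.signature with an HMAC-SHA256 signature."""
    header = {"typ": "JWT", "alg": "HS256"}
    parts = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
             for part in (header, claims)]
    mac = hmac.new(secret.encode(), ".".join(parts).encode(), hashlib.sha256)
    return ".".join(parts + [b64url_encode(mac.digest())])

def decode_unverified(token: str) -> tuple:
    """Return (header, claims) WITHOUT checking the signature."""
    header_b64, payload_b64, _signature = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)))

def verify_hs256(token: str, secret: str = "") -> bool:
    """Recompute the MAC over header.payload and compare in constant time."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        given = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False
    # Pin the algorithm here; the token's header must not be able to pick it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, given)

if __name__ == "__main__":
    # Constructed sample: same claims as on this page, signed locally.
    token = sign_hs256({"user": "admin", "superuser": True}, "supersecret")
    print(decode_unverified(token))            # claims readable without the secret
    print(verify_hs256(token))                 # checked against the empty secret
    print(verify_hs256(token, "supersecret"))  # checked against the signing secret
```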
Verify asymmetric RS256 signature:
$ deen jwt -r eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJzdXBlcnVzZXIiOnRydWV9.wbMUK-2Cl4Fmzzjfgv55Bz7k8vwa818RG_iadiPJE-r0MHc_TzbWTn1UGriVMvKQIidiW954AoJlTtBywqG7AsfcZNAFxmaBwRyI-igCkonnuhbfHx6z9rsG1XE92tKT1BAQmcs1u-UiJ7a3T-Qr8fkHk7nR4-9FTCdlA2PaBKIKdYLwtDoGVrXRPIWgGewAYQrOGbuj0DvzG6caT8p_PTJSjCigeCuCGuZbkaWOWitMm3p_1ErIXznpB8msRmXbm34WjuOTavBUs8-peYxAE5QR0w-TRoR_q3MIw_73sW-CfTPmh3tGiI1ljXGnxiOQvYkXXtxonqkWFuTwGnIafg -v -k /tmp/pki/server.crt
{"typ":"JWT","alg":"RS256"}.{"user": "admin", "superuser": true}
Signature valid: True