A super fast CLI tool to decode and encode JWTs built in Rust.
jwt-cli
is a command line tool to help you work with JSON Web Tokens (JWTs). Like most JWT command line tools out there, you can decode almost any JWT header and claims body. Unlike any that I've found, however, jwt-cli
allows you to encode a new JWT with nearly any piece of data you can think of. Custom header values (some), custom claim bodies (as long as it's JSON, it's game), and using any secret you need.
On top of all that, it's written in Rust so it's fast and portable (windows, macOS, and linux supported right now).
Install jwt-cli
via Homebrew or MacPorts (macOS), Cargo (cross-platform), and FreshPorts (FreeBSD). If you intend to use one of these methods, skip ahead.
You may also install the binary from the release page, if you're unable to use Homebrew or Cargo install methods below.
Only 64bit linux, macOS, and Windows targets are pre-built. Sorry if you're not on one of those! You'll need to build it from the source. See the contributing section on how to install and build the project.
You should install it somewhere in your $PATH
. For Linux and macOS, a good place is generally /usr/local/bin
. For Windows, there isn't a good place by default :(.
# Install jwt-cli
brew install mike-engel/jwt-cli/jwt-cli
# Ensure it worked ok by running the help command
jwt help
sudo port install jwt-cli
More info here.
If your system supports it, you can install via Cargo. Make sure you have Rust and Cargo installed, following these instructions before proceeding.
cargo install jwt-cli
The binary installs to your Cargo bin path (~/.cargo/bin
). Make sure your $PATH
environment variable includes this path.
If you're on FreeBSD, you can use the pkg
tool to install jwt-cli
on your system.
pkg install jwt-cli
Big thanks to Sergey Osokin, the FreeBSD contributor who added jwt-cli
to the FreeBSD ports tree!
jwt-cli
is available on the Scoop main repository for Windows.
scoop install jwt-cli
jwt-cli
is available in the Arch Linux community repository and can be installed via pacman:
pacman -S jwt-cli
For usage info, use the help
command.
# top level help
jwt help
# command specific help
jwt help encode
The -
argument tells jwt-cli
to read from standard input:
jwt encode --secret=fake '{"hello":"world"}' | jwt decode -
It's useful when you're dealing with a chain of shell commands that produce a JWT. Pipe the result through jwt decode -
to decode it.
curl <auth API> | jq -r .access_token | jwt decode -
Currently the underlying token encoding and decoding library, jsonwebtoken
, doesn't support the SEC1 private key format and requires a conversion to the PKCS8 type. You can read more from their own README.
jwt-cli
supports shell completion for bash
, elvish
, fish
, powershell
, and zsh
. To enable it, run the following command:
source <(jwt completion bash)
You may want to add this to your shell profile to have it available every time you open a new shell:
if hash jwt > /dev/null; then
source <(jwt completion bash)
fi
I welcome all issues and pull requests! This is my first project in rust, so this project almost certainly could be better written. All I ask is that you follow the code of conduct and use rustfmt to have a consistent project code style.
To get started you'll need rustc
and cargo
on your system. If they aren't already installed, I recommend rustup to get both!
Once you have both installed, I recommend running the tests to make sure all is well from the start.
# run the tests
cargo test
If it built without any errors, you should be able to run the command via cargo
.
cargo run -- help
Or, if you prefer a release build:
cargo run --release -- help
Thanks goes to these wonderful people (emoji key):
Mike Engel 💻 💬 📖 🤔 🚧 👀 |
Kyle Burton 💻 |
Aaron Schaef 💻 |
hughsimpson 💻 |
Mat Kelly 💻 🐛 |
Jason 🐛 |
Ben Berry 🐛 |
Kevin Lanni 📖 |
Kosta Krauth 💻 |
codedust 💻 🤔 |
Liz Frost 💻 |
Carl Harris 💻 |
Yusuke Kominami 💻 📖 |
This project follows the all-contributors specification. Contributions of any kind welcome!