jwt-cli
A super fast CLI tool to decode and encode JWTs built in Rust.
jwt-cli is a command line tool to help you work with JSON Web Tokens (JWTs). Like most JWT command line tools out there, you can decode almost any JWT header and claims body. Unlike any that I've found, however, jwt-cli allows you to encode a new JWT with nearly any piece of data you can think of. Custom header values (some), custom claim bodies (as long as it's JSON, it's game), and using any secret you need.
On top of all that, it's written in Rust so it's fast and portable (windows, macOS, and linux supported right now).
Installation
Install jwt-cli via Homebrew or MacPorts (macOS), Cargo (cross-platform), and FreshPorts (FreeBSD). If you intend to use one of these methods, skip ahead.
You may also install the binary from the release page, if you're unable to use Homebrew or Cargo install methods below.
Only 64bit linux, macOS, and Windows targets are pre-built. Sorry if you're not on one of those! You'll need to build it from the source. See the contributing section on how to install and build the project.
You should install it somewhere in your $PATH. For Linux and macOS, a good place is generally /usr/local/bin. For Windows, there isn't a good place by default :(.
Homebrew
# Install jwt-cli
# Ensure it worked ok by running the help command
MacPorts
More info here.
Cargo
If your system supports it, you can install via Cargo. Make sure you have Rust and Cargo installed, following these instructions before proceeding.
The binary installs to your Cargo bin path (~/.cargo/bin). Make sure your $PATH environment variable includes this path.
FreshPorts
If you're on FreeBSD, you can use the pkg tool to install jwt-cli on your system.
Big thanks to Sergey Osokin, the FreeBSD contributor who added jwt-cli to the FreeBSD ports tree!
Scoop
jwt-cli is available on the Scoop main repository for Windows.
Arch Linux
jwt-cli is available in the Arch Linux community repository and can be installed via pacman:
Usage
For usage info, use the help command.
# top level help
# command specific help
Usage as a pipe
The - argument tells jwt-cli to read from standard input:
|
It's useful when you're dealing with a chain of shell commands that produce a JWT. Pipe the result through jwt decode - to decode it.
| |
Using elliptic curve keys
Currently the underlying token encoding and decoding library, jsonwebtoken, doesn't support the SEC1 private key format and requires a conversion to the PKCS8 type. You can read more from their own README.
Shell completion
jwt-cli supports shell completion for bash, elvish, fish, powershell, and zsh. To enable it, run the following command:
You may want to add this to your shell profile to have it available every time you open a new shell:
if ; then
fi
Contributing
I welcome all issues and pull requests! This is my first project in rust, so this project almost certainly could be better written. All I ask is that you follow the code of conduct and use rustfmt to have a consistent project code style.
To get started you'll need rustc and cargo on your system. If they aren't already installed, I recommend rustup to get both!
Building and running the project
Once you have both installed, I recommend running the tests to make sure all is well from the start.
# run the tests
If it built without any errors, you should be able to run the command via cargo.
Or, if you prefer a release build:
Code of conduct
Changelog
License
Contributors ✨
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!