An authentication library.
The source code is provided under the terms of the MIT license.
This tool provides three operations on json web tokens: token generation, decoding, and verification
Generates a token for given account with expiration timestamp provided via parameter or via config.
For example to get a valid for an hour token for account bar at baz.services:
$ svc-authn-cli sign --account bar.baz.services --expires_in 3600
REJ0eXAiOiJKV...Available params:
--expires-in seconds | --expires-at datetime- sets token encryption eithersecondsinto the future or atdatetimemoment in time (available formats are "YYYY-MM-DD" and "YYYY-MM-DD hh:mm:ss")--cross-audience- scope for audience--account | -a- account to issue token for, required parameter
Config file is supplied via --config | -c parameter or read by default from ~/.svc/authn-cli.toml.
It provides default expires_in value for token (when no --expires-in | --expires-at parameter was given to sign) and a list of audiences with corresponding issuer, encoding algorithm and keys to sign and verify tokens.
Have a look at the sample config.
Given a token we can extract its content:
$ svc-authn-cli decode REJ0eXAiOiJKV...
{ "iss" : "baz.services", "aud" : "baz.services", "sub" : "bar", "exp": 1586531265 }Given a token we can verify its signature:
$ svc-authn-cli verify REJ0eXAiOiJKV...
Verification passed, token valid for 3543 seconds