You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is no one standard JWT decoder which is local and trusted, and asking people to install additional tools is awkward. Using base64 to handle base64url format sometimes works and sometimes has subtle bugs, or non-portable tool expectations. The NATS CLI already has to be able to parse .creds files anyway.
In a similar vein to nats auth nkey it would be good to have a command which can display JWTs:
from an arbitrary .creds file
for a NATS_CONTEXT's .creds file
for the creds for the current context (as overridden by env or cmdline flag)
for an arbitrary JWT on the command-line
for a file containing an arbitrary JWT
It should probably have:
6. a mode to just display raw JSON, no color, no pretty, just "turn this X into the JSON signed payload"
7. a mode to pretty-print as plain JSON (color optional?)
8. a mode to pretty-print with comments, such as converting Unix epoch seconds timestamps to a display format time
9. where the JWT is signed by a key in the nsc trust store, perhaps a means to verify signatures?
Use case
Helping people to see what is in their accounts and users in NATS, and debug what exactly is in the creds as currently used.
In particular nats mumble jwt show current --json | jq .permissions seems it would be something it's useful to be able to ask people to run.
(Bonus points if the jwt mode also has JSON walking, whether jq or jmespath or whatever)
Contribution
Not currently intending to but could be talked into it.
The text was updated successfully, but these errors were encountered:
Proposed change
There is no one standard JWT decoder which is local and trusted, and asking people to install additional tools is awkward. Using
base64
to handle base64url format sometimes works and sometimes has subtle bugs, or non-portable tool expectations. The NATS CLI already has to be able to parse .creds files anyway.In a similar vein to
nats auth nkey
it would be good to have a command which can display JWTs:It should probably have:
6. a mode to just display raw JSON, no color, no pretty, just "turn this X into the JSON signed payload"
7. a mode to pretty-print as plain JSON (color optional?)
8. a mode to pretty-print with comments, such as converting Unix epoch seconds timestamps to a display format time
9. where the JWT is signed by a key in the nsc trust store, perhaps a means to verify signatures?
Use case
Helping people to see what is in their accounts and users in NATS, and debug what exactly is in the creds as currently used.
In particular
nats mumble jwt show current --json | jq .permissions
seems it would be something it's useful to be able to ask people to run.(Bonus points if the jwt mode also has JSON walking, whether jq or jmespath or whatever)
Contribution
Not currently intending to but could be talked into it.
The text was updated successfully, but these errors were encountered: