Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a JWT decoder #1061

Open
philpennock opened this issue May 24, 2024 · 0 comments
Open

Add a JWT decoder #1061

philpennock opened this issue May 24, 2024 · 0 comments
Labels
proposal Enhancement idea or proposal

Comments

@philpennock
Copy link
Member

Proposed change

There is no one standard JWT decoder which is local and trusted, and asking people to install additional tools is awkward. Using base64 to handle base64url format sometimes works and sometimes has subtle bugs, or non-portable tool expectations. The NATS CLI already has to be able to parse .creds files anyway.

In a similar vein to nats auth nkey it would be good to have a command which can display JWTs:

  1. from an arbitrary .creds file
  2. for a NATS_CONTEXT's .creds file
  3. for the creds for the current context (as overridden by env or cmdline flag)
  4. for an arbitrary JWT on the command-line
  5. for a file containing an arbitrary JWT

It should probably have:
6. a mode to just display raw JSON, no color, no pretty, just "turn this X into the JSON signed payload"
7. a mode to pretty-print as plain JSON (color optional?)
8. a mode to pretty-print with comments, such as converting Unix epoch seconds timestamps to a display format time
9. where the JWT is signed by a key in the nsc trust store, perhaps a means to verify signatures?

Use case

Helping people to see what is in their accounts and users in NATS, and debug what exactly is in the creds as currently used.

In particular nats mumble jwt show current --json | jq .permissions seems it would be something it's useful to be able to ask people to run.

(Bonus points if the jwt mode also has JSON walking, whether jq or jmespath or whatever)

Contribution

Not currently intending to but could be talked into it.

@philpennock philpennock added the proposal Enhancement idea or proposal label May 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
proposal Enhancement idea or proposal
Projects
None yet
Development

No branches or pull requests

1 participant