A super fast CLI tool to decode and encode JWTs built in Rust.

jwt-cli is a command line tool to help you work with JSON Web Tokens (JWTs). Like most JWT command line tools out there, you can decode almost any JWT header and claims body. Unlike any that I've found, however, jwt-cli allows you to encode a new JWT with nearly any piece of data you can think of. Custom header values (some), custom claim bodies (as long as it's JSON, it's game), and using any secret you need.

On top of all that, it's written in Rust so it's fast and portable (windows, macOS, and linux supported right now).

Install jwt-cli via Homebrew or MacPorts (macOS), Cargo (cross-platform), and FreshPorts (FreeBSD). If you intend to use one of these methods, skip ahead.

You may also install the binary from the release page, if you're unable to use Homebrew or Cargo install methods below.

Only 64bit linux, macOS, and Windows targets are pre-built. Sorry if you're not on one of those! You'll need to build it from the source. See the contributing section on how to install and build the project.

You should install it somewhere in your $PATH. For Linux and macOS, a good place is generally /usr/local/bin. For Windows, there isn't a good place by default :(.

# Install jwt-cli
brew install mike-engel/jwt-cli/jwt-cli

# Ensure it worked ok by running the help command
jwt help

sudo port install jwt-cli

More info here.

If your system supports it, you can install via Cargo. Make sure you have Rust and Cargo installed, following these instructions before proceeding.

cargo install jwt-cli

The binary installs to your Cargo bin path (~/.cargo/bin). Make sure your $PATH environment variable includes this path.

If you're on FreeBSD, you can use the pkg tool to install jwt-cli on your system.

pkg install jwt-cli

Big thanks to Sergey Osokin, the FreeBSD contributor who added jwt-cli to the FreeBSD ports tree!

jwt-cli is available on the Scoop main repository for Windows.

scoop install jwt-cli

jwt-cli is available in the Arch Linux community repository and can be installed via pacman:

pacman -S jwt-cli

Unfortunately due to static linking problems when compiling this project, jwt-cli can't run on alpine linux natively.

A workaround is to run it inside a rust docker container rather than using sh within alpine.

For usage info, use the help command.

# top level help
jwt help

# command specific help
jwt help encode

The - argument tells jwt-cli to read from standard input:

jwt encode --secret=fake '{"hello":"world"}' | jwt decode -

It's useful when you're dealing with a chain of shell commands that produce a JWT. Pipe the result through jwt decode - to decode it.

curl <auth API> | jq -r .access_token | jwt decode -

Currently the underlying token encoding and decoding library, jsonwebtoken, doesn't support the SEC1 private key format and requires a conversion to the PKCS8 type. You can read more from their own README.

I welcome all issues and pull requests! This is my first project in rust, so this project almost certainly could be better written. All I ask is that you follow the code of conduct and use rustfmt to have a consistent project code style.

To get started you'll need rustc and cargo on your system. If they aren't already installed, I recommend rustup to get both!

Once you have both installed, I recommend running the tests to make sure all is well from the start.

# run the tests
cargo test

If it built without any errors, you should be able to run the command via cargo.

cargo run -- help

Or, if you prefer a release build:

cargo run --release -- help

Thanks goes to these wonderful people (emoji key):

Mike Engel 💻 💬 📖 🤔 🚧 👀 ⚠️ 🐛	Kyle Burton 💻	Aaron Schaef 💻	hughsimpson 💻 ⚠️	Mat Kelly 💻 🐛	Jason 🐛	Ben Berry 🐛
Kevin Lanni 📖	Kosta Krauth 💻 ⚠️ 📖	codedust 💻 🤔 ⚠️	Liz Frost 💻	Carl Harris 💻 ⚠️	Yusuke Kominami 💻 📖

This project follows the all-contributors specification. Contributions of any kind welcome!