A stupid mock for working with JSON web tokens. You can use this to sign and validate tokens in dev environments.
- Configure your JWT validation code to fetch the public key from .well-known/jwks.json.
- Generate a token by POSTing a payload to the /token endpoint.
- Use your new token.
The service will sign any payload given to it. The only default claim is iat,
which is set to the current timestamp. This can of course be changed by already
passing in an iat claim.
Example usage with curl:
curl -X POST -d '{"foo":42}' http://localhost:3000/token
Or nested into another curl:
curl -H "Authorization: $(curl -X POST -d '{"foo":42}' http://localhost:3000/token)" http://example.com
You can run the dummy using Docker:
docker run -p 3000:3000 foobert/jwtdummy
The key id can be configured by setting the KEY_ID environment variable.
You can override the private key by putting a PEM formatted RSA key in a file
called private.key.
