jwt is a command line utility to create and verify JSON Web Tokens.
Either download a pre-built binary, or install from source (requires Go 1.21+):
go install github.com/jamescun/jwt@latestAlternatively on macOS, you can install jwt using the Homebrew package manager:
brew install jamescun/formulas/jwtIf you don't already have a private key to sign your JSON Web Tokens with, one can be generated with:
jwt key --ed25519Which will write an Ed25519 private key to a file called key.pem.
To generate a JSON Web Token using this private key:
jwt sign --aud alice --sub bobWhich will generate a signed JSON Web Token with an audience of alice, for the subject bob that expires in 24 hours.
eyJhbGciOiJFZERTQSJ9.eyJhdWQiOiJhbGljZSIsImV4cCI6MTY5OTQ1Njc3OCwiaWF0IjoxNjk5MzcwMzc4LCJpc3MiOiJnaXRodWIuY29tL2phbWVzY3VuL2p3dCIsIm5iZiI6MTY5OTM3MDM3OCwic3ViIjoiYm9iIn0.EvBPiqBbMH6DdUo-wmHKl4Pgu0-UzbEreE8eQI7dC6DR07F0IinX-dRlWpI5rOK00fMwbjUTKVAyhL7JMfiOCw
To control the expiry, use the --exp command line flag, which accepts s(econds), m(inutes) or h(ours).
Custom claims can also be added with the --claim key='"value"' command line flag. The value must be valid JSON, i.e.:
jwt sign --claim 'human="true"' --claim 'scopes=["foo","bar"]'