Support verification in the CLI

Question

Support verification in the CLI

driverpt opened this issue 4 years ago · 1 comments

e.g.:

jwt verify <jwt-as-string> <secret>

Answer 1 · 2021-07-11T09:23:47.000Z

This is already possible using the -S parameter:

jwt decode --alg 'HS256' -S <secret> <jwt-as-string>

e.g.

JWT=`jwt encode '{"field":"value"}' --secret 1234567890 --alg 'HS256' --exp '+1 year'`
jwt decode --alg 'HS256' -S 1234567890 $JWT

However, this is not obvious, i.e. no warning is shown if the signature is not checked. Pull request #133 improves error messages for signature validation.