Awesome
JWT UI - A Terminal UI for decoding/encoding JSON Web Tokens
____.__ _____________ ____ ___.___
| / \ / \__ ___/ | | \ |
| \ \/\/ / | | ______ | | / |
/\__| |\ / | | /_____/ | | /| |
\________| \__/\ / |____| |______/ |___|
\/
A terminal UI for decoding/encoding JSON Web Tokens inspired by JWT.io and jwt-cli
Crafted by
<img src="artwork/Auth0byOkta_logo.svg" alt="Auth0 by Okta" style="width:120px;"/>Table of Contents
- Features
- Installation
- Usage
- Screenshots
- Troubleshooting
- Limitations/known issues
- Libraries used
- License
- Release
- Creator
Features
- Fully offline
- Supports secrets as plain text, file path (beginning with
@
) or base64 encoded string (beginning withb64:
). Supported secret formats:- HMAC -
HS{256,384,512}
: Plain text, base64 encoded string, JWKS (JSON text and.json
file) - RSA -
RS{256,384,512}
,PS{256,384,512}
: PEM file, DER file, PKCS8 file, JWKS (JSON text and.json
file) - ECDSA -
ES{256,384}
: PEM file, DER file, PKCS8 file, JWKS (JSON text and.json
file) - EdDSA : PEM file, DER file, PKCS8 file, JWKS (JSON text and
.json
file) -
- Note: JWKS support is only for decoding. For encoding use PEM/DER/PKCS8 files for RSA/ECDSA/EdDSA and plain/base64 text for HMAC
- HMAC -
- Dark/Light themes
- Sensible keyboard shortcuts and Mouse support
- Copy to clipboard
- STDOUT mode
Installation
Homebrew (Mac & Linux)
brew tap jwt-rs/jwt-ui
brew install jwt-ui
# If you need to be more specific, use:
brew install jwt-rs/jwt-ui/jwt-ui
To upgrade
brew upgrade jwt-ui
Scoop (Windows)
scoop bucket add jwt-ui-bucket https://github.com/jwt-rs/scoop-jwt-ui
scoop install jwt-ui
Cargo
If you have Cargo installed then you install JWT UI from crates.io
cargo install jwt-ui --locked
You can also clone the repo and run cargo run
or make
to build and run the app
Arch Linux
[Maintained by @orhun]
jwt-ui
is available in the official repositories. You can install it using pacman:
pacman -S jwt-ui
Install script
Run the below command to install the latest binary. Run with sudo if you don't have write access to /usr/local/bin
. Else the script will install to the current directory
curl https://raw.githubusercontent.com/jwt-rs/jwt-ui/main/deployment/getLatest.sh | bash
Docker
Run JWT UI as a Docker container.
docker run --rm -it deepu105/jwt-ui
You can also clone this repo and run make docker
to build a docker image locally and run it using the above command
Manual
Binaries for macOS (x86_64, arm64), Linux GNU/MUSL(x86_64, armv6, armv7, aarch64) and Windows (x86_64, aarch64) are available on the releases page
- Download the latest binary for your OS.
- For Linux/macOS:
cd
to the file you just downloaded and runtar -C /usr/local/bin -xzf downloaded-file-name
. Use sudo if required.- Run with
jwtui
- For Windows:
- Use 7-Zip or TarTool to unpack the tar file.
- Run the executable file
jwtui.exe
Usage
# Start UI
jwtui
# Start UI with prefilled token to decode and options
jwtui [OPTIONS] [TOKEN]
# Start UI with prefilled token to decode and JWKS secret from URL
jwtui -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]
# if your provider has a different URL for JWKS, look for `jwks_uri` in https://your.idp.com/.well-known/openid-configuration
# Print decoded token to stdout with HMAC plain text secret
jwtui -s -S 'plain_text_secret' [TOKEN]
# Print decoded token to stdout without signature validation.
jwtui -sn [TOKEN]
# Print decoded token to stdout with HMAC base64 encoded secret
jwtui -s -S 'b64:eW91ci0yNTYtYml0LXNlY3JldAo=' [TOKEN]
# Print decoded token to stdout as JSON
jwtui -j -S '@./secret.pem' [TOKEN]
# Print decoded token to stdout with JWKS secret from url
jwtui -s -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]
Press ?
while running the app to see keybindings
Arguments: [TOKEN] JWT token to decode [mandatory for stdout mode, optional for TUI mode]
Options:
-S, --secret <SECRET>
Secret for validating the JWT. Can be text, file path (beginning with @) or base64 encoded string (beginning with b64:) [default: ]-s, --stdout
Print to STDOUT instead of starting the CLI in TUI mode-n, --no-verify
Do not validate the signature of the JWT when printing to STDOUT.-j, --json
Print to STDOUT as JSON-t, --tick-rate <TICK_RATE>
Set the tick rate (milliseconds): the lower the number the higher the FPS. Must be less than 1000 [default: 250]-d, --disable-mouse-capture
Disable mouse capture in order to copy individual text-h, --help
Print help-V, --version
Print version
If you are looking for a non TUI CLI, check out jwt-cli
Screenshots
Decoder screen
Encoder screen
Stdout
Troubleshooting
Note: On Debian/Ubuntu you might need to install
libxcb-xfixes0-dev
andlibxcb-shape0-dev
. On Fedoralibxcb
andlibxcb-devel
would be needed.
Note: On Linux you might need to have package
xorg-dev
(Debian/Ubuntu) orxorg-x11-server-devel
(Fedora) or equivalent installed for the copy to clipboard features to work
Limitations/known issues
- [Linux/Docker] Copy to clipboard feature is OS/arch dependent and might crash in some Linux distros and is not supported on
aarch64
andarm
machines. - [macOS] KDash looks better on iTerm2 since macOS's default Terminal app makes the colors render weird.
- [Windows] KDash looks better on CMD since Powershell's default theme makes the colors look weird.
Libraries used
License
MIT
Release
- Update the version in
Cargo.toml
- Update release notes in
CHANGELOG.md
- Commit the changes
- Run
make release V=vx.x.x
to release a new version via GitHub actions