An authentication library.


Keywords
jwt, middleware, authentication, bearer, authn
License
MIT

Documentation

Authn

Build Status

An authentication library.

License

The source code is provided under the terms of the MIT license.

CLI

This tool provides three operations on json web tokens: token generation, decoding, and verification

Token generation

Generates a token for given account with expiration timestamp provided via parameter or via config.

For example to get a valid for an hour token for account bar at baz.services:

$ svc-authn-cli sign --account bar.baz.services --expires_in 3600
REJ0eXAiOiJKV...

Available params:

  • --expires-in seconds | --expires-at datetime - sets token encryption either seconds into the future or at datetime moment in time (available formats are "YYYY-MM-DD" and "YYYY-MM-DD hh:mm:ss")
  • --cross-audience - scope for audience
  • --account | -a - account to issue token for, required parameter

Config

Config file is supplied via --config | -c parameter or read by default from ~/.svc/authn-cli.toml.

It provides default expires_in value for token (when no --expires-in | --expires-at parameter was given to sign) and a list of audiences with corresponding issuer, encoding algorithm and keys to sign and verify tokens.

Have a look at the sample config.

Token decoding

Given a token we can extract its content:

$ svc-authn-cli decode REJ0eXAiOiJKV...
{ "iss" : "baz.services", "aud" : "baz.services", "sub" : "bar", "exp": 1586531265 }

Token verification

Given a token we can verify its signature:

$ svc-authn-cli verify REJ0eXAiOiJKV...
Verification passed, token valid for 3543 seconds