test-jwt-server v1.1.0
test-jwt-server
A JWT server for testing, DO NOT use in production.
This server accepts arbitrary payload from GET
/POST
and generate a signed JWT supporting 3 signature modes:
/jwt
signed with shared secret (HS256)GET /key.shared
to get the hard-coded shared secret./jwt.salted
signed with shared secret and salt (HS256)
A randomly generatedsalt
field is put in each JWT payload.
The signature is key computed withpayload.salt + '.' + SHARED_SECRET
./jwt.rsa
signed with RSA private/public key pair (RS256)GET /key.public
to get the hard-coded public key.
Installation
Environment: Node v6+
npm install -g test-jwt-server
test-jwt-server # listen on port 8000 by default
# visit `http://localhost:8000/`
# change port to listen on
test-jwt-server -p 9000
test-jwt-server --port 9000
# visit `http://localhost:9000/`
Usage with Docker
Environment: Docker 1.10+
Clone this repo.
export IMAGE=test-jwt-server1
docker build -t $IMAGE .
docker run -it -p 8000:8000 -d $IMAGE
# visit `http://localhost:8000/`
test-jwt-server
in the container will be listening on port 8000
, use Docker's -p
option to map a different port on host to 8000
, e.g.:
docker run -it -p 9000:8000 -d $IMAGE
# visit `http://localhost:9000/`
This command line map the host's port 9000
to port 8000
of the container.
Usage
/
endpoint will list all routes and descriptions.
The server will
- parse the querystring in
GET
request or - parse body in
POST
request as JWT payload (claims in JWT parlance).
Use /payload
endpoint to test and build the payload before generating the JWT.
See ljharb/qs
to see how to build complex object with querystring.
With HTTPie, these yield the same result:
$ http --body GET 'http://localhost:8000/payload?items[]=1.1&items[]=2.2&items[]=3.3&foo.bar=42&user=me&iat=1000'
$ http --body POST http://localhost:8000/payload <<'EOF'
{
"items": ["1.1","2.2","3.3"],
"foo": {
"bar": "42"
},
"user": "me",
"iat": 1000
}
EOF
Due to limitation of querystring, custom fields will always be strings. Use POST
to when you need numeric fields.
$ http --body POST http://localhost:8000/payload <<'EOF'
{
"items": [1.1, 2.2, 3.3],
"foo": {
"bar": 42
},
"user": "me",
"iat": 1000
}
EOF
JWT Validators
Generated JWT can be validated with 3rd party validators.
JSON Web Tokens - jwt.io
Online JWT generator and verifyer
JWT RFCs
RFC 7515 - JSON Web Signature (JWS)
RFC 7516 - JSON Web Encryption (JWE)
RFC 7517 - JSON Web Key (JWK)
RFC 7518 - JSON Web Algorithms (JWA)
RFC 7519 - JSON Web Token (JWT)
TODO
- Swagger
Example YAML Generated UI