Authn

An authentication library.

License

The source code is provided under the terms of the MIT license.

CLI

This tool provides three operations on json web tokens: token generation, decoding, and verification

Token generation

Generates a token for given account with expiration timestamp provided via parameter or via config.

For example to get a valid for an hour token for account bar at baz.services:

$ svc-authn-cli sign --account bar.baz.services --expires_in 3600
REJ0eXAiOiJKV...

Available params:

• --expires-in seconds | --expires-at datetime - sets token encryption either seconds into the future or at datetime moment in time (available formats are "YYYY-MM-DD" and "YYYY-MM-DD hh:mm:ss")
• --cross-audience - scope for audience
• --account | -a - account to issue token for, required parameter

Config

Config file is supplied via --config | -c parameter or read by default from ~/.svc/authn-cli.toml.

It provides default expires_in value for token (when no --expires-in | --expires-at parameter was given to sign) and a list of audiences with corresponding issuer, encoding algorithm and keys to sign and verify tokens.

Have a look at the sample config.

Token decoding

Given a token we can extract its content:

$ svc-authn-cli decode REJ0eXAiOiJKV...
{ "iss" : "baz.services", "aud" : "baz.services", "sub" : "bar", "exp": 1586531265 }

Token verification

Given a token we can verify its signature:

$ svc-authn-cli verify REJ0eXAiOiJKV...
Verification passed, token valid for 3543 seconds