JSON Web Tokens (JWT) utilities


This is a simple utility to generate and decode JSON Web Tokens (JWTs) that can be used to authenticate against web applications.

See JWT-OPA for an example of how JWTs can be used to authenticate/authorize access to protected online resources/applications.


This script requires the PyJWT module:

$ pip install pyjwt

Use --help (or -h) for a full list of options and their meaning.

To generate a JWT (optionally signed with an empty passphrase), use:

$ echo '{"sub": "marco", "roles": [ "USER" ]}' | ./

eyJ0eXAiOiJKV .... ktOykD4

To decode a JWT that was generated by this or another tool (so long as the JWT is not encrypted), use the -d flag:

$ echo "eyJ0eXAiOiJKV1 ... ktOykD4" | ./ -d
  "sub": "marco",
  "roles": [

Optionally, add the --header flag to emit the JWT header too.

Validating Signed JWTs

To use a shared secret, set it in the $JWT_SECRET env var (if you want to use a different variable name, use --secret-env SECRET_ENV):

$ export JWT_SECRET="mypazzfrase"

# If we use the JWT generated earlier, it won't pass validation
$ echo "eyJ0eXAiOiJKV ... ktOykD4" | ./ -d -v         
ERROR: could not process JWT: Signature verification failed

# We must use --validate, -v when generating it:
$ echo '{"sub": "marco", "roles": [ "USER" ]}' | ./ -v
eyJ0eXAiO .... mJLKsPkblw  # <<-- note the last part, the signature is different

$ echo "eyJ0eXAiO ... mJLKsPkblw" | ./ -d -v --header
  "typ": "JWT",
  "alg": "HS256"
  "sub": "marco",
  "roles": [

Note how the header carries information about the signature algorithm.

NOTE: support for asymmetric, key-based signature algorithms is still TODO.
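The validation behaviour shown above (a token signed with an empty secret fails once `$JWT_SECRET` is set, and only the signature segment changes) can be reproduced with the standard library alone. This is an added example, not the tool's own code, which uses PyJWT; the function names are hypothetical, and the verifier pins `HS256` instead of trusting the `alg` value in the header.

```python
import base64
import hashlib
import hmac
import json

CLAIMS = {"sub": "marco", "roles": ["USER"]}  # sample payload used on this page


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    mac = hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())


def verify_hs256(token: str, secret: str) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed JWT") from exc
    # The header is untrusted input: accept only the algorithm we expect
    # rather than whatever the token claims to be signed with.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("Signature verification failed")
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    unsigned = sign_hs256(CLAIMS, "")           # empty passphrase
    signed = sign_hs256(CLAIMS, "mypazzfrase")  # secret from the example above
    print(verify_hs256(signed, "mypazzfrase"))
    try:
        verify_hs256(unsigned, "mypazzfrase")
    except ValueError as err:
        print("ERROR: could not process JWT:", err)
```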

Raw output

If the output of jwtie needs to be fed into other utilities, pretty-printing it may be unnecessary or even undesirable; in such cases use --raw to get a simple JSON string:

$ echo "eyJ0eXAiO ... mJLKsPkblw" | ./ -d --raw
{"sub": "marco", "roles": ["USER"]}

# This is pointless, really, but proves a point.
$ echo "eyJ0eXAiO ... mJLKsPkblw" | ./ -d --raw \
  | cut -d ',' -f 2 | cut -d '}' -f 1

 "roles": ["USER"]


This will be made available on PyPI for installation via pip:

$ pip install jwtie

TODO: this has not been implemented yet.

