JWT Inspect
A command-line tool for inspecting JWT (JSON Web Token) and JWE (JSON Web Encryption) tokens with colorized output.
Features
- Automatic detection of JWT and JWE tokens
- Colorized, formatted output for better readability
- Detailed header information display
- Human-readable timestamp formatting
- JWT claims decoding
- JWE header inspection
- Token validation status (for JWT)
Installation
From Source
- Clone the repository:
git clone https://gitlab.hedenstroem.com/go/jwt-inspect.git
cd jwt-inspect
- Build the tool:
go build -o jwt-inspect
- (Optional) Move the binary to your PATH or use
go install
:
sudo mv jwt-inspect /usr/local/bin/
Usage
The tool reads tokens from standard input (stdin), making it flexible to use in various ways:
Direct Input
echo "your.jwt.token" | jwt-inspect
File Input
cat token.json | jwt-inspect
Output Format
JWT Token Output
For JWT tokens, the tool displays:
- Header information
- Decoded claims
- Token validation status
Example output:
=== JWT Token Information ===
Header:
{
"alg": "HS256"
"typ": "JWT"
}
Claims:
{
"sub": "1234567890"
"name": "John Doe"
"iat": "2018-01-18T02:30:22+01:00"
}
Validation:
Status: Valid
JWE Token Output
For JWE tokens, the tool displays:
- Version
- Issued At (timestamp)
- Encryption algorithm
- Authentication tag
- Expiration (timestamp)
- Key management algorithm
- Initialization vector (IV)
Example output:
=== JWE Token Information ===
Header:
{
"Version": 1
"Issued At": "2024-11-29T09:33:38+01:00"
"Encryption": "A128GCM"
"Authentication Tag": "NH-D8jA7Ox66apnZZDUm3w"
"Expiration": "2024-11-29T21:33:38+01:00"
"Algorithm": "A128GCMKW"
"IV": "IQq4ymVaejesAn7y"
}
Note: Payload is encrypted and cannot be displayed
Color Scheme
The tool uses different colors to enhance readability:
- Bold Blue/Green: Main title (JWE/JWT respectively)
- Bold Yellow: Section headers
- Yellow: JSON braces and keys
- Cyan: JSON values
- Magenta: Encrypted payload note
- Green/Red: Validation status
- Red: Error messages
Dependencies
- github.com/golang-jwt/jwt/v5: JWT parsing and validation
Building from Source
- Ensure you have Go installed on your system
- Clone the repository
- Run
go mod tidy
to install dependencies - Build the project:
go build -o jwt-inspect
Error Handling
The tool provides clear error messages for common issues:
- Invalid token format
- Parsing errors
- Invalid signatures (for JWT)
- File reading errors
Error messages are displayed in red for better visibility.
License
This project is licensed under the MIT License - see the LICENSE file for details.