All tools are nicely suited for creating simple JWT, but having the configs for multiple recipients on one command line is tricky at best.
What we should have is a token tool that consumes a JSON or YAML file for the different parameters of our token. The tool would have a configuration parameter and accept payload and thats it. This allows one to declare the JWT outcome separately from running the command.
The following example illustrates how a declaration might look like:
jose:
format: compact
# global claims and defaults
iat: now
exp: 1h
jwks: my/jwks/default.jwks
sign:
- jwks: my/jwks/file.jwks
kid: mysignkey
alg: RS256
# other parameters
aud: for your eyes only
claims:
# application specific claims
- kid: mydefaultkeyid
alg: ES256
enc:
recipients:
- jwks: my/friends.jwks
kid: freds_key
alg: RSA-OAEP
# other parameters
claims:
# application specific claims
- jwks: my/friends.jwks
kid: lauras_key
alg: RSA-OAEP
# other parameters
claims:
# application specific claimsThis will allow users to declare what their token should look like and the tool will create a suitable token.
All tools are nicely suited for creating simple JWT, but having the configs for multiple recipients on one command line is tricky at best.
What we should have is a
tokentool that consumes a JSON or YAML file for the different parameters of our token. The tool would have a configuration parameter and accept payload and thats it. This allows one to declare the JWT outcome separately from running the command.The following example illustrates how a declaration might look like:
This will allow users to declare what their token should look like and the tool will create a suitable token.
The tool should override bad statements (like the format in the example above) with suitable one.