Bash script to generate JWT token for use with PDOK delivery services

generate-jwt.sh

#!/usr/bin/env bash
PROGRAM_NAME=$(basename "$0")
DATASET_OWNER="$1"
PEM="$2"
EXPIRY="$3"

function usage {
    echo "Generate JWT token for use with PDOK delivery services"
    echo ""
    echo "usage: $PROGRAM_NAME <dataset-owner> <pem> <expiry>"
    echo "    - <dataset-owner>: organization name"
    echo "    - <pem>: private key file"
    echo "    - <expiry>: expiry date in Unix epoch time. For example "
    echo '      date month from now: `date -d "+1month"  +%s`'
    echo ""
    echo 'example: `./gen-jwt pdok-test private.pem $(date -d "+1month" +%s)'
    exit 1
}

if test "$#" -ne 3; then
    usage
fi

set -euo pipefail

PEM=$(cat $PEM)

header='{"alg":"RS256","typ":"JWT"}'
payload='{"iss":"'${DATASET_OWNER}'","exp":'${EXPIRY}'}'
encoded_header=$(echo -n $header | base64 | sed s/\+/-/ | sed -E s/=+$//)
encoded_payload=$(echo -n $payload | base64 | sed s/\+/-/ | sed -E s/=+$//)
header_payload="${encoded_header}"."${encoded_payload}"
# signature=$(echo -n $header_payload | openssl dgst -sha256 -binary -sign $PEM | openssl enc -base64 | tr -d '\n=' | tr -- '+/' '-_')
signature=$(openssl dgst -sha256 -sign <(echo -n "${PEM}") <(echo -n "${header_payload}") | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n')
echo "${header_payload}.${signature}"