Last active
August 24, 2023 10:31
-
-
Save carestad/bed9cb8140d28fe05e67e15f667d98ad to your computer and use it in GitHub Desktop.
Script to generate JWT for use with Github apps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# Generate JWT for Github App | |
# | |
# Inspired by implementation by Will Haley at: | |
# http://willhaley.com/blog/generate-jwt-with-bash/ | |
# From: | |
# https://stackoverflow.com/questions/46657001/how-do-you-create-an-rs256-jwt-assertion-with-bash-shell-scripting | |
thisdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" | |
set -o pipefail | |
# Change these variables: | |
app_id=1337 | |
app_private_key="$(< $thisdir/app.key)" | |
# Shared content to use as template | |
header='{ | |
"alg": "RS256", | |
"typ": "JWT" | |
}' | |
payload_template='{}' | |
build_payload() { | |
jq -c \ | |
--arg iat_str "$(date +%s)" \ | |
--arg app_id "${app_id}" \ | |
' | |
($iat_str | tonumber) as $iat | |
| .iat = $iat | |
| .exp = ($iat + 300) | |
| .iss = ($app_id | tonumber) | |
' <<< "${payload_template}" | tr -d '\n' | |
} | |
b64enc() { openssl enc -base64 -A | tr '+/' '-_' | tr -d '='; } | |
json() { jq -c . | LC_CTYPE=C tr -d '\n'; } | |
rs256_sign() { openssl dgst -binary -sha256 -sign <(printf '%s\n' "$1"); } | |
sign() { | |
local algo payload sig | |
algo=${1:-RS256}; algo=${algo^^} | |
payload=$(build_payload) || return | |
signed_content="$(json <<<"$header" | b64enc).$(json <<<"$payload" | b64enc)" | |
sig=$(printf %s "$signed_content" | rs256_sign "$app_private_key" | b64enc) | |
printf '%s.%s\n' "${signed_content}" "${sig}" | |
} | |
sign |
It helped me a lot. THX!
Thanks! Works great. Strange that Gihub doesn't give bash script as official example, only Ruby.
Jesus - finally. Went in circles looking for a solution but this one works.
Just wanted to say thanks for this. Very helpful!
Thanks a lot, I tried with several methods to create this token without lucky until I used this method.
On MacOS i do get the following error:
line 42: ${algo^^}: bad substitution
Any idea why?
@89pleasure I got the same error. I worked around it using an Ubuntu Docker container.
For others with this problem you will have to upgrade your version of the bash shell. OSX ships with v3, and the latest is v5.
brew install bash
/opt/homebrew/Cellar/bash/5.2.15/bin/bash script.sh
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I see you figured it out, @michaelsync.
$generated_jwt
is basically the output of the entire script there. I will update my previous response so it is more clear 👍