mohclips · February 27, 2022 21:05 · mohclips · Feb 27, 2022
diff --git a/jwt-decode.sh b/jwt-decode.sh
 #!/bin/bash
 assert() { if [[ $1 != $2 ]]; then echo "assert" $3; exit; fi }

 decodeJWT() {
  jwt=$1

  # trick from https://gist.github.com/rolandyoung/176dd310a6948e094be6#file-verifytoken-sh
  # basically the token is split with a '.' delimeter
  input=${jwt%.*} # delete shortest match of substr from back of str
  encHdr=${input%.*} # delete shortest match of substr from back of str
  encPayload=${input#*.}  # delete shortest match of substr
  encSig=${jwt##*.} # delete longest match of substr
  assert $jwt "$encHdr.$encPayload.$encSig" "failed to decompose jwt"

  echo -n $encPayload | base64 -d 2>/dev/null
 }

 # usage
 # ./jwt-decode.sh $(kubectl -n hackme-ns get secrets hackme-sa-token-5wt6c -oyaml | yq .data.token | base64 -d)

 # TOKEN is the base64 -d returns from the secret
 TOKEN=$1
 decodeJWT "$TOKEN"
	#!/bin/bash
	assert() { if [[ $1 != $2 ]]; then echo "assert" $3; exit; fi }

	decodeJWT() {
	jwt=$1

	# trick from https://gist.github.com/rolandyoung/176dd310a6948e094be6#file-verifytoken-sh
	# basically the token is split with a '.' delimeter
	input=${jwt%.*} # delete shortest match of substr from back of str
	encHdr=${input%.*} # delete shortest match of substr from back of str
	encPayload=${input#*.} # delete shortest match of substr
	encSig=${jwt##*.} # delete longest match of substr
	assert $jwt "$encHdr.$encPayload.$encSig" "failed to decompose jwt"

	echo -n $encPayload \| base64 -d 2>/dev/null
	}

	# usage
	# ./jwt-decode.sh $(kubectl -n hackme-ns get secrets hackme-sa-token-5wt6c -oyaml \| yq .data.token \| base64 -d)

	# TOKEN is the base64 -d returns from the secret
	TOKEN=$1
	decodeJWT "$TOKEN"