tools/jwt-verify.1 - benmcollins/libjwt - Git at Google

 .\" Automatically generated by Pandoc 3.1.11.1
 .\"
 .TH "JWT\-VERIFY" "1" "" "jwt\-verify User Manual" "LibJWT C Library"
 .SH NAME
 \f[B]jwt\-verify\f[R] \- Verify a JSON Web Token
 .SH SYNOPSIS
 .PP
 \f[B]jwt\-verify\f[R] \f[B][options]\f[R] \f[I]token\f[R] \&...
 .PD 0
 .P
 .PD
 \f[B]jwt\-verify\f[R] \f[B][options]\f[R] \- < \f[I]token\f[R]
 .SH DESCRIPTION
 \f[B]jwt\-verify\f[R] Decodes and (optionally) verifies the signature of
 a JSON Web Token.
 .PP
 By default, the token(s) will be decoded and verified.
 If there is a signature block on the JWT, then you must give a JWK key
 with the \f[B]\-k\f[R] option.
 Verifying a signature requires specifying the algorithm, so it must
 either be in the key file (as the \f[B]alg\f[R] attribute), or passed on
 the command line with the \f[B]\-a\f[R] argument.
 .PP
 \f[B]jwt\-verify\f[R] will not assume the algorithm from the JWT itself
 (for security reasons), however, the algorithm in the JWT must match
 what you provide to \f[B]jwt\-verify\f[R].
 .PP
 Tokens may be passed on the command line, after any options, separated
 by spaces, or passed via \f[B]stdin\f[R], one per line.
 To use \f[B]stdin\f[R], you must pass \f[B]\-\f[R] as the last and only
 argument after any options.
 .PP
 When using the \f[B]\-\-verbose\f[R] option, \f[B]jwt\-verify\f[R] will
 print the JSON \f[I]HEADER\f[R] and \f[I]PAYLOAD\f[R] to
 \f[B]stdout\f[R].
 .PP
 If used in conjunction with \f[B]\-\-print\f[R], the JSON will be piped
 to the command\[cq]s \f[B]stdin\f[R].
 It will be called twice: once for \f[I]HEAD\f[R] and once for
 \f[I]PAYLOAD\f[R].
 .PP
 One use is to pass it through \f[B]jq \-C\f[R] for indenting and
 colorization.
 Another would be to use an external program to validate the
 \f[I]PAYLOAD\f[R] contents.
 A non\-0 exit status from the program will cause verification to fail.
 .SS Options
 .TP
 \f[B]\-h\f[R], \f[B]\-\-help\f[R]
 Show common options and quit.
 .TP
 \f[B]\-l\f[R], \f[B]\-\-list\f[R]
 List all supported algorithms that can be passed to the \f[B]\-a\f[R]
 option and quit.
 .TP
 \f[B]\-v\f[R], \f[B]\-\-verbose\f[R]
 Show the contents of the \f[I]HEADER\f[R] and \f[I]PAYLOAD\f[R] of the
 JWT in addition to verifying the token.
 .TP
 \f[B]\-q\f[R], \f[B]\-\-quiet\f[R]
 Do not output anything except for hard errors.
 The exit value will be the number of token validation failures.
 .TP
 \f[B]\-a\f[R] \f[I]ALG\f[R], \f[B]\-\-algorithm\f[R]=\f[I]ALG\f[R]
 Specify the algorithm to be used when verifying the signature block of
 any tokens passed to the program.
 See \f[B]\-l\f[R] for values of \f[I]ALG\f[R].
 .TP
 \f[B]\-k\f[R] \f[I]FILE\f[R], \f[B]\-\-key\f[R]=\f[I]FILE\f[R]
 Path to a file containing a key in JSON Web Key format.
 If your keys are in PEM or DER (or some other common format that
 \f[I]OpenSSL\f[R] understands), then you can convert it to a JWK with
 the \f[B]key2jwk(1)\f[R] tool.
 .TP
 \f[B]\-p\f[R] \f[I]CMD\f[R], \f[B]\-\-print\f[R]=\f[I]CMD\f[R]
 Pipe JSON of header and payload to \f[I]CMD\f[R] through its
 \f[B]stdin\f[R].
 This option only makes sense with \f[B]\-\-verbose\f[R].
 .SH BUGS
 See GitHub Issues: \c
 .UR https://github.com/benmcollins/libjwt/issues
 .UE \c
 .SH AUTHOR
 \f[B]jwt\-verify\f[R] was originally written by Jeremy Thien.
 Major rewriting and man page by Ben Collins \c
 .MT bcollins@libjwt.io
 .ME \c
 \&.
 .SH SEE ALSO
 \f[B]jwt\-verify(1)\f[R], \f[B]key2jwk(1)\f[R], \f[B]jwk2key(1)\f[R]
	.\" Automatically generated by Pandoc 3.1.11.1
	.\"
	.TH "JWT\-VERIFY" "1" "" "jwt\-verify User Manual" "LibJWT C Library"
	.SH NAME
	\f[B]jwt\-verify\f[R] \- Verify a JSON Web Token
	.SH SYNOPSIS
	.PP
	\f[B]jwt\-verify\f[R] \f[B][options]\f[R] \f[I]token\f[R] \&...
	.PD 0
	.P
	.PD
	\f[B]jwt\-verify\f[R] \f[B][options]\f[R] \- < \f[I]token\f[R]
	.SH DESCRIPTION
	\f[B]jwt\-verify\f[R] Decodes and (optionally) verifies the signature of
	a JSON Web Token.
	.PP
	By default, the token(s) will be decoded and verified.
	If there is a signature block on the JWT, then you must give a JWK key
	with the \f[B]\-k\f[R] option.
	Verifying a signature requires specifying the algorithm, so it must
	either be in the key file (as the \f[B]alg\f[R] attribute), or passed on
	the command line with the \f[B]\-a\f[R] argument.
	.PP
	\f[B]jwt\-verify\f[R] will not assume the algorithm from the JWT itself
	(for security reasons), however, the algorithm in the JWT must match
	what you provide to \f[B]jwt\-verify\f[R].
	.PP
	Tokens may be passed on the command line, after any options, separated
	by spaces, or passed via \f[B]stdin\f[R], one per line.
	To use \f[B]stdin\f[R], you must pass \f[B]\-\f[R] as the last and only
	argument after any options.
	.PP
	When using the \f[B]\-\-verbose\f[R] option, \f[B]jwt\-verify\f[R] will
	print the JSON \f[I]HEADER\f[R] and \f[I]PAYLOAD\f[R] to
	\f[B]stdout\f[R].
	.PP
	If used in conjunction with \f[B]\-\-print\f[R], the JSON will be piped
	to the command\[cq]s \f[B]stdin\f[R].
	It will be called twice: once for \f[I]HEAD\f[R] and once for
	\f[I]PAYLOAD\f[R].
	.PP
	One use is to pass it through \f[B]jq \-C\f[R] for indenting and
	colorization.
	Another would be to use an external program to validate the
	\f[I]PAYLOAD\f[R] contents.
	A non\-0 exit status from the program will cause verification to fail.
	.SS Options
	.TP
	\f[B]\-h\f[R], \f[B]\-\-help\f[R]
	Show common options and quit.
	.TP
	\f[B]\-l\f[R], \f[B]\-\-list\f[R]
	List all supported algorithms that can be passed to the \f[B]\-a\f[R]
	option and quit.
	.TP
	\f[B]\-v\f[R], \f[B]\-\-verbose\f[R]
	Show the contents of the \f[I]HEADER\f[R] and \f[I]PAYLOAD\f[R] of the
	JWT in addition to verifying the token.
	.TP
	\f[B]\-q\f[R], \f[B]\-\-quiet\f[R]
	Do not output anything except for hard errors.
	The exit value will be the number of token validation failures.
	.TP
	\f[B]\-a\f[R] \f[I]ALG\f[R], \f[B]\-\-algorithm\f[R]=\f[I]ALG\f[R]
	Specify the algorithm to be used when verifying the signature block of
	any tokens passed to the program.
	See \f[B]\-l\f[R] for values of \f[I]ALG\f[R].
	.TP
	\f[B]\-k\f[R] \f[I]FILE\f[R], \f[B]\-\-key\f[R]=\f[I]FILE\f[R]
	Path to a file containing a key in JSON Web Key format.
	If your keys are in PEM or DER (or some other common format that
	\f[I]OpenSSL\f[R] understands), then you can convert it to a JWK with
	the \f[B]key2jwk(1)\f[R] tool.
	.TP
	\f[B]\-p\f[R] \f[I]CMD\f[R], \f[B]\-\-print\f[R]=\f[I]CMD\f[R]
	Pipe JSON of header and payload to \f[I]CMD\f[R] through its
	\f[B]stdin\f[R].
	This option only makes sense with \f[B]\-\-verbose\f[R].
	.SH BUGS
	See GitHub Issues: \c
	.UR https://github.com/benmcollins/libjwt/issues
	.UE \c
	.SH AUTHOR
	\f[B]jwt\-verify\f[R] was originally written by Jeremy Thien.
	Major rewriting and man page by Ben Collins \c
	.MT bcollins@libjwt.io
	.ME \c
	\&.
	.SH SEE ALSO
	\f[B]jwt\-verify(1)\f[R], \f[B]key2jwk(1)\f[R], \f[B]jwk2key(1)\f[R]