Rate this page:

How to Create a JWT Token

In order to use Service accounts, you have to generate a JWT Token. Learn how to do that using CLI and a bash script.

Create a Token

First, you need to create a service account with the UserManager role, then save the result value as a credentials.json file:

CreateKey

CreateKey

Next, create a token.sh file in the same folder with the following code. Note that the code uses a jq tool that is not a built-in command, so you have to install it manually (download jq here).

#!/usr/bin/env bash

credentials="${PWD}/credentials.json"

account_id=$(cat $credentials | jq -r ".account_id")
key_id=$(cat $credentials | jq -r ".key_id")
rsa_secret=$(cat $credentials | jq -r ".private_key")

timestamp() {
  date +"%s"
}

test_payload=$( jq -n \
    --arg iat "$(timestamp)" \
    --arg iss "$account_id" \
    --arg exp "$(($(timestamp)+3600))" \
    '{
        iat: $iat | tonumber,
        iss: $iss | tonumber,
        exp: $exp | tonumber
    }'
)

set -o pipefail

header_template=$( jq -n \
    --arg typ "JWT" \
    --arg alg "RS256" \
    --arg kid "$key_id" \
    '{typ: $typ, alg: $alg, kid: $kid}'
)

b64enc() { openssl enc -base64 -A | tr '+/' '-_' | tr -d '='; }
json() { jq -c . | LC_CTYPE=C tr -d '\n'; }
rs_sign() { openssl dgst -binary -sha"${1}" -sign <(printf '%s\n' "$2"); }

sign() {

    local secret=$rsa_secret
    algo=RS256
    header=$header_template || return
    payload=$test_payload

    signed_content="$(json <<<"$header" | b64enc).$(json <<<"$payload" | b64enc)"

    sig=$(printf %s "$signed_content" | rs_sign "${algo#RS}" "$secret" | b64enc) 

    printf 'Authorization: Bearer %s.%s\n' "${signed_content}" "${sig}"
}

sign
Permissions

You may need to do run chmod +x token.sh for the script to execute properly.

Quick Copy-paste

You can create a token.sh by downloading the script from our site:

curl https://voximplant.com/assets/images/2020/08/06/jwt.sh --output token.sh

How to Use It

Now you can use in your JWT token in CLI via curl with the -H key specified. For example, this is how you can request the first 20 users of the specified Voximplant application:

GetUsers

GetUsers