A BASH drop-in replacement for the create_jwt.py used in Lagoon (requires openssl & jq)

create_jwt.sh

#!/usr/bin/env bash

#
# JWT Encoder Bash Script
# modified from https://willhaley.com/blog/generate-jwt-with-bash/

# 

secret=${JWTSECRET}

# Static header fields.
header='{
	"typ": "JWT",
	"alg": "HS256"
}'

# Use jq to set the dynamic `iat` and `exp`
# fields on the header using the current time.
# `iat` is set to now, and `exp` is now + 60 seconds.
# header=$(
# 	echo "${header}" | jq --arg time_str "$(date +%s)" \
# 	'
# 	($time_str | tonumber) as $time_num
# 	| .iat=$time_num
# 	| .exp=($time_num + 60)
# 	'
# )

payload=$(
    printf '{
	"role": "admin",
	"iss": "auto-idler",
    "aud": "%s",
	"sub": "auto-idler"
    }' "${JWTAUDIENCE}"
)

base64_encode()
{
	declare input=${1:-$(</dev/stdin)}
	# Use `tr` to URL encode the output from base64.
	printf '%s' "${input}" | base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n'
}

json() {
	declare input=${1:-$(</dev/stdin)}
	printf '%s' "${input}" | jq -c .
}

hmacsha256_sign()
{
	declare input=${1:-$(</dev/stdin)}
	printf '%s' "${input}" | openssl dgst -binary -sha256 -hmac "${secret}"
}

header_base64=$(echo "${header}" | json | base64_encode)
payload_base64=$(echo "${payload}" | json | base64_encode)

header_payload=$(echo "${header_base64}.${payload_base64}")
signature=$(echo "${header_payload}" | hmacsha256_sign | base64_encode)

echo "${header_payload}.${signature}"