Tokens for Testing

Compatible with * OAuth2 * OpenID Connect (OIDC) * JOSE (Signed Access Tokens) * JWT * JWK * JWS


* * * * * * * POST { "kty":"EC", "crv":"P-256", "x":"xxx", "y":"yyy" } * GET

Get a token

Get a verifiable access token For example: TOKEN=$(curl -fL You can set the expiration (`exp`) with query parameters: * (+90 days) * (+3 hours) * (+15 minutes) * (exactly 2019-08-13 5:30pm) (you can also get the whole header) For example: HEADER=$(curl -fL # Authorization: Bearer <token>

Inspecting the Token

You can see its decoded form at the `inspect_token` endpoint: curl -fL \ -H "$(curl -fL"

The Token, Decoded

The Token will look like this: eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IlU1Ym0tQUxtSVFOQ3hfMlFPT1piSm5Ec0d1aEd4WkRnV053alNqck5IbzQifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwODAvIiwic3ViIjoiZHVtbXkiLCJleHAiOjE1NjI4NzEyNTh9.PWK2eTDQcVCpT_weogKuh4bHInnjqY6TGSnQzwEIc133WnJ1eUmLjq799COxSW7Dr6Khm1Po-CAXGVwCADIBEw The first part is the JWS protected header. Decoded, it looks like this: {"typ":"JWT","alg":"ES256","kid":"U5bm-ALmIQNCx_2QOOZbJnDsGuhGxZDgWNwjSjrNHo4"} The second part is the JWS payload of JWT claims. Decoded, it looks like this: {"iss":"http://localhost:4080/","sub":"dummy","exp":1562871258} The third part is the signature. It can't be "decoded", per se. It's two positive 32-bit BigInts called R and S, padded with zeros to fill out all the bytes.

Validate the Issuer

The token be signed and verifiable. If the token issuer (iss) is "" * the key url (jwks_uri) will be found at "" * which will point to "" * where there will be a key whose thumbprint (kid) matches that in the token The public key found there will look like this: { "crv":"P-256" , "x":"ToL2HppsTESXQKvp7ED6NMgV4YnwbMeONexNry3KDNQ" , "y":"Tt6Q3rxU37KAinUV9PLMlwosNy1t3Bf2VDg5q955AGc" }

Get the Private Key

In truth, there's only one private key right now. You shouldn't use it for automated testing, because it will change, but it looks like this: { "crv":"P-256" , "x":"ToL2HppsTESXQKvp7ED6NMgV4YnwbMeONexNry3KDNQ" , "y":"Tt6Q3rxU37KAinUV9PLMlwosNy1t3Bf2VDg5q955AGc" , "d":"GYAwlBHc2mPsj1lp315HbYOmKNJ7esmO3JAkZVn9nJs" }


Choose Password

Already have an account?

Existing User

Incorrect Password

New Device

Check your email to confirm new device.