Closed leggetter closed 8 years ago
@leggetter so not too familiar as to what these JWTs and the private keys are used for yet so asking:
Could we use them as the authentication of the CLI? I'm just thinking if we need to add that in.
The JWTs are used as a replacement for Key/Secret. But only for some API resources.
In the future all APIs could use it and you could potentially do nexmo setup --jwt {JWT}
@leggetter cool. I think ideally down the line what should happen is you login, it verifies you, creates a JWT and stores that in the .nexmorc file (rather than the current username and password)
@leggetter so looking into this now and trying to see what we can do and how
Your proposed workflow would be:
> nexmo app:create "Test Application 1" http://example.com http://example.com --keyfile private.key
Application created: asdasdas-asdd-2344-2344-asdasdasd345
Private Key saved to: private.key
> nexmo jwt:create asdasdas-asdd-2344-2344-asdasdasd345 private.key
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw
I think we should add this function but maybe also add a --jwt
flag on creation:
> nexmo app:create "Test Application 1" http://example.com http://example.com --keyfile private.key --jwt
Application created: asdasdas-asdd-2344-2344-asdasdasd345
Private Key saved to: private.key
JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw
And in verbose this would look like this:
> nexmo app:create "Test Application 1" http://example.com http://example.com -v --jwt
[id]
asdasdas-asdd-2344-2344-asdasdasd345
[name]
Test Application 1
[voice.webhooks.0.endpoint_type]
event_url
[voice.webhooks.0.endpoint]
http://example.com
[voice.webhooks.0.http_method]
POST
[voice.webhooks.1.endpoint_type]
answer_url
[voice.webhooks.1.endpoint]
http://example.com
[voice.webhooks.1.http_method]
GET
[keys.public_key]
...
[keys.private_key]
...
[_links.self.href]
/applications/asdasdas-asdd-2344-2344-asdasdasd345
[jwt]
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw
@tjlytle - how would you like this command to look in order to support additional claims?
@leggetter Taking this as the current example:
nexmo jwt:generate application_id key_file_path
application_id
should be optional (for future use), and allow setting arbitrary values (for future use). Perhaps something like (borrowed from HTTPie's usage):
nexmo jwt:generate key_file_path application_id=abcd1234 subject=tjlytle acl="complex_value, with_spaces, and_commas"
Closed by #97
It would be great if the CLI could create a JWT. This functionality will eventually be within the library (we should probably add to
nexmo-node
for this), but it would be very handy to be able to quickly create a JWT.Something like:
Open to improvements upon the above suggested command/parameters.
There may be a
jwt:validate
orjwt:verify
. One thing to consider here is that we avoid confusion with the Verify product.