Nexmo / nexmo-cli

Nexmo CLI (Command Line Interface)
https://nexmo.com
MIT License
78 stars 52 forks source link

Create JWTs with command #88

Closed leggetter closed 8 years ago

leggetter commented 8 years ago

It would be great if the CLI could create a JWT. This functionality will eventually be within the library (we should probably add to nexmo-node for this), but it would be very handy to be able to quickly create a JWT.

Something like:

nexmo jwt:generate application_id key_file_path

Open to improvements upon the above suggested command/parameters.

There may be a jwt:validate or jwt:verify. One thing to consider here is that we avoid confusion with the Verify product.

cbetta commented 8 years ago

@leggetter so not too familiar as to what these JWTs and the private keys are used for yet so asking:

Could we use them as the authentication of the CLI? I'm just thinking if we need to add that in.

leggetter commented 8 years ago

The JWTs are used as a replacement for Key/Secret. But only for some API resources.

In the future all APIs could use it and you could potentially do nexmo setup --jwt {JWT}

cbetta commented 8 years ago

@leggetter cool. I think ideally down the line what should happen is you login, it verifies you, creates a JWT and stores that in the .nexmorc file (rather than the current username and password)

cbetta commented 8 years ago

@leggetter so looking into this now and trying to see what we can do and how

Your proposed workflow would be:

> nexmo app:create "Test Application 1" http://example.com http://example.com  --keyfile private.key
Application created: asdasdas-asdd-2344-2344-asdasdasd345
Private Key saved to: private.key

> nexmo jwt:create asdasdas-asdd-2344-2344-asdasdasd345 private.key
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw

I think we should add this function but maybe also add a --jwt flag on creation:

> nexmo app:create "Test Application 1" http://example.com http://example.com  --keyfile private.key --jwt
Application created: asdasdas-asdd-2344-2344-asdasdasd345
Private Key saved to: private.key
JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw

And in verbose this would look like this:

> nexmo app:create "Test Application 1" http://example.com http://example.com -v --jwt
[id]
asdasdas-asdd-2344-2344-asdasdasd345

[name]
Test Application 1

[voice.webhooks.0.endpoint_type]
event_url

[voice.webhooks.0.endpoint]
http://example.com

[voice.webhooks.0.http_method]
POST

[voice.webhooks.1.endpoint_type]
answer_url

[voice.webhooks.1.endpoint]
http://example.com

[voice.webhooks.1.http_method]
GET

[keys.public_key]
...

[keys.private_key]
...

[_links.self.href]
/applications/asdasdas-asdd-2344-2344-asdasdasd345

[jwt]
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.yRQYnWzskCZUxPwaQupWkiUzKELZ49eM7oWxAQK_ZXw
leggetter commented 8 years ago

@tjlytle - how would you like this command to look in order to support additional claims?

tjlytle commented 8 years ago

@leggetter Taking this as the current example:

nexmo jwt:generate application_id key_file_path

application_id should be optional (for future use), and allow setting arbitrary values (for future use). Perhaps something like (borrowed from HTTPie's usage):

nexmo jwt:generate key_file_path application_id=abcd1234 subject=tjlytle acl="complex_value, with_spaces, and_commas"
leggetter commented 8 years ago

Closed by #97