Skip to content

Commit 810f81f

Browse files
authored
Added -s/-f flags to skip/force token validation (#132)
* Added -s/-f flags to skip/force token validation As discussed in issue #130, if stdout is a TTY, we will keep the current default behavior of verifying the token. If stdout is not a TTY, we will skip verification of the token by default. The default behavior can be overridden using the -s/-f flags. * Added message to usage indicating that -s is default when stdout is not a TTY, or if scitokens-verify is not available in the PATH. * Redid the line breaks for added message from commit b0ea1f * Removed trailing period at end -s description first line
1 parent 001fecb commit 810f81f

File tree

1 file changed

+37
-2
lines changed

1 file changed

+37
-2
lines changed

htdecodetoken

Lines changed: 37 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,11 +11,14 @@ usage()
1111
echo 'Decodes a JSON Web Token'
1212
echo ' -a: show algorithm portion of JWT'
1313
echo ' -H: show dates in human readable format instead of epoch'
14+
echo ' -s: skip scitokens-verify validation (cannot be used with -f)'
15+
echo ' This is the default if stdout is not a TTY, or if scitokens-verify'
16+
echo ' is not available in the PATH.'
17+
echo ' -f: force scitokens-verify validation (cannot be used with -s)'
1418
echo 'File name may be "-" to read from stdin.'
1519
echo 'If file name not given, follows WLCG Bearer Token Discovery'
1620
echo ' which is to first try $BEARER_TOKEN, next $BEARER_TOKEN_FILE,'
1721
echo ' and next ${XDG_RUNTIME_DIR:-/tmp}/bt_u`id -u`.'
18-
echo 'If scitokens-verify is available, will also validate the token.'
1922
exit 1
2023
} >&2
2124

@@ -68,10 +71,18 @@ human_dates() {
6871

6972
set -e
7073

74+
# If stdout is not a TTY, we should not validate the token with scitokens-verify by default
75+
SKIPVERIFY=false
76+
if [ ! -t 1 ]; then
77+
SKIPVERIFY=true
78+
fi
79+
7180
SHOWALG=false
7281
HUMANDATE=false
82+
SKIPVERIFYFLAGSET=false
83+
FORCEVERIFYFLAGSET=false
7384
NUMSHIFT=0
74-
while getopts ":aH" opt; do
85+
while getopts ":aHsf" opt; do
7586
case "$opt" in
7687
a)
7788
SHOWALG=true
@@ -81,6 +92,24 @@ while getopts ":aH" opt; do
8192
HUMANDATE=true
8293
(( NUMSHIFT+=1 ))
8394
;;
95+
s)
96+
if "$FORCEVERIFYFLAGSET" ; then
97+
echo "Cannot use both -s and -f options together" >&2
98+
usage
99+
fi
100+
SKIPVERIFY=true
101+
SKIPVERIFYFLAGSET=true
102+
(( NUMSHIFT+=1 ))
103+
;;
104+
f)
105+
if "$SKIPVERIFYFLAGSET" ; then
106+
echo "Cannot use both -s and -f options together" >&2
107+
usage
108+
fi
109+
SKIPVERIFY=false
110+
FORCEVERIFYFLAGSET=true
111+
(( NUMSHIFT+=1 ))
112+
;;
84113
*)
85114
usage
86115
esac
@@ -126,6 +155,12 @@ if "$HUMANDATE" ; then
126155
else
127156
echo "$JWT" | jq .
128157
fi
158+
RET=$?
159+
160+
if "$SKIPVERIFY" ; then
161+
# If we want to skip token verification, exit now
162+
exit $RET
163+
fi
129164

130165
set +e
131166
VERIFY="$(command -v scitokens-verify)"

0 commit comments

Comments
 (0)