istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/tools/jwt/README.md

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/tools/jwt/README.md (about)

     1  # Generate Json Web Tokens Signed by Google Service Account
     2  
     3  The python script (sa-jwt.py) provided here allows the user to generate a JWT signed
     4  by a Google service account.
     5  
     6  ## Before you start
     7  
     8  - Run the following command to install python dependences.
     9  
    10      ```
    11      pip install google-auth
    12      ```
    13  
    14  - Create a service account or use an existing service account, and download the service account private key.
    15  
    16      - In the [Service Accounts page](https://console.cloud.google.com/iam-admin/serviceaccounts),
    17      click CREATE SERVICE ACCOUNT, or select one of the existing service accounts.
    18  
    19      - Click "Create Key" from the drop-down menu, and select the default JSON key type. The key file
    20      will automatically downloads to your computer.
    21  
    22  ## Usage
    23  
    24  Type the following command to see the help message.
    25  
    26  ```bash
    27  python sa-jwt.py -h
    28  ```
    29  
    30  It outputs the following:
    31  
    32  ```plain
    33  usage: ./sa-jwt.py [-h] [-iss ISS] [-aud AUD] [-sub SUB] [-claims CLAIMS] service_account_file
    34  
    35  Python script generates a JWT signed by a Google service account
    36  
    37  positional arguments:
    38    service_account_file  The path to your service account key file (in JSON
    39                          format).
    40  
    41  optional arguments:
    42    -h, --help            show this help message and exit
    43    -iss ISS, --iss ISS   iss claim. This should be your service account email.
    44    -aud AUD, --aud AUD   aud claim. This is comma-separated-list of audiences.
    45    -sub SUB, --sub SUB   sub claim. If not provided, it is set to the same as
    46                          iss claim.
    47    -claims CLAIMS, --claims CLAIMS
    48                          Other claims in format name1:value1,name2:value2 etc.
    49                          Only string values are supported.
    50  ```
    51  
    52  ## Example
    53  
    54  Here is an example of using sa-jwt.py to generate a JWT token.
    55  
    56  ```bash
    57  ./sa-jwt.py /path/to/service_account.json -iss frod@gserviceaccount.com -aud foo,bar
    58  ./sa-jwt.py /path/to/service_account.json -iss frod@gserviceaccount.com -aud foo,bar -claims key1:value1,key2:value2
    59  ```