JSON Web Tokens (JWTs) enable stateless and secure client-server communication. By encoding claims—such as user identity and authorization details—into a signed token, servers can grant access without maintaining server-side session state. When interacting with protected HTTP endpoints, JWTs can be included in wget requests to verify and authorize access.
Clients first obtain a JWT by authenticating against an authorization server. Once the token is acquired, it is added to the Authorization header in subsequent requests. The server validates the token’s signature and claims to ensure it’s not expired or tampered with before granting access.
Integrating JWT authentication with wget simplifies command-line automation, enabling secure API calls without constantly re-entering credentials. Keeping tokens fresh and protected ensures a reliable and safe mechanism to access sensitive resources over HTTP.
Steps to authenticate using JWT in wget:
- Obtain the JWT by authenticating with the server.
$ wget --header="Content-Type: application/json" --post-data='{"username":"user","password":"pass"}' http://example.com/auth/login -O - { "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." }
The server responds with a token upon successful authentication.
- Extract the JWT and store it in an environment variable for reuse.
$ JWT=$(wget --header="Content-Type: application/json" --post-data='{"username":"user","password":"pass"}' http://example.com/auth/login -O - | jq -r '.token')
The jq command extracts the token from the JSON response.
- Include the JWT in the Authorization header for subsequent requests.
$ wget --header="Authorization: Bearer $JWT" http://example.com/api/protected -O output.json
Replace the URL with your protected endpoint. The server validates the JWT before granting access.
- Check for 401 Unauthorized or 403 Forbidden responses to troubleshoot authentication issues.
If authentication fails, verify the token’s validity or obtain a new one.
- Refresh the JWT when it expires by sending a refresh token.
$ wget --header="Content-Type: application/json" --post-data='{"refreshToken":"<your_refresh_token>"}' http://example.com/auth/refresh -O - { "token":"NEW_JWT_TOKEN" }
Use the refresh token endpoint to get a new JWT as needed.
- Automate these steps in a script for seamless authenticated requests.
Scripting allows regular token retrieval and reuse without manual intervention.

Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
Comment anonymously. Login not required.