JSON Web Tokens are often times used for authentication delegation from one system to another. They can be decoded for debugging purposes. While most tooling supports decoding base64, JWTs are of type Base64url, which is slightly different and needs to be accounted for.
This assumes you already have the JWT in hand, e.g. after scraping it out of an HTTP(S) request via Browser Developer Tools or some kind of proxy.
$ TOKEN=<paste your token here>
$ HEADER=$(echo "$TOKEN" | cut -d. -f1)
$ PAYLOAD=$(echo "$TOKEN" | cut -d. -f2)
$ b64urldecode() {
local data="$1"
# base64url -> base64 + padding
data=${data//-/+}; data=${data//_//};
local pad=$((4 - ${#data} % 4)); [[ $pad -lt 4 ]] && data+=$(printf '=%.0s' $(seq 1 $pad))
echo -n "$data" | base64 -d 2>/dev/null
}
$ echo "== header =="; b64urldecode "$HEADER" | jq .
$ echo "== payload =="; b64urldecode "$PAYLOAD" | jq .
To also check for issuing and expiration date:
$ $ EXP=$(b64urldecode "$PAYLOAD" | jq -r .exp); date -d @"$EXP"
$ IAT=$(b64urldecode "$PAYLOAD" | jq -r .iat); date -d @"$IAT"
