
Decode JWTs


JSON Web Tokens are often used to delegate authentication from one system to another. They can be decoded for debugging purposes. While most tooling supports decoding Base64, JWT segments are encoded as Base64url, which is slightly different (it uses - and _ in place of + and /, and drops the = padding) and needs to be accounted for.

This assumes you already have the JWT in hand, e.g. after scraping it out of an HTTP(S) request via Browser Developer Tools or some kind of proxy.

$ TOKEN='<paste your token here>'
$ HEADER=$(echo "$TOKEN" | cut -d. -f1)
$ PAYLOAD=$(echo "$TOKEN" | cut -d. -f2)
$ b64urldecode() {
  local data="$1"
  # base64url -> base64 + padding
  data=${data//-/+}; data=${data//_//};
  local pad=$((4 - ${#data} % 4)); [[ $pad -lt 4 ]] && data+=$(printf '=%.0s' $(seq 1 $pad))
  echo -n "$data" | base64 -d 2>/dev/null
}
$ echo "== header ==";  b64urldecode "$HEADER" | jq .
$ echo "== payload =="; b64urldecode "$PAYLOAD" | jq .

To also check the issue and expiration times:

$ EXP=$(b64urldecode "$PAYLOAD" | jq -r .exp); date -d @"$EXP"
$ IAT=$(b64urldecode "$PAYLOAD" | jq -r .iat); date -d @"$IAT"
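
Added example, not part of the original card: a status check built on the same decoding that also rejects malformed tokens and reports whether exp has passed, using only the shell and coreutils (no jq, no GNU date). The function names, the regex-based num_claim helper and the sample token are assumptions made for this illustration; the claims are read without verifying the signature, so the result is debugging output only.

```sh
#!/bin/sh
# Added example: report JWT expiry from unverified claims (sh/bash + coreutils).

# Decode one Base64url segment to stdout; non-zero status if it cannot be valid.
b64url_decode() {
  local data
  data=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#data} % 4 )) in
    1) return 1 ;;               # length 4n+1 is never valid Base64
    2) data="${data}==" ;;
    3) data="${data}=" ;;
  esac
  printf '%s' "$data" | base64 -d 2>/dev/null
}

# Inverse helper, used only to build the constructed sample token below.
b64url_encode() { base64 | tr '/+' '_-' | tr -d '=\n'; }

# Print the numeric value of claim $1 from JSON on stdin (regex, not a JSON parser).
num_claim() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# jwt_expiry TOKEN [NOW_EPOCH]: status 0 = not expired, 1 = expired, 2 = unusable.
jwt_expiry() {
  local payload json exp now
  now=${2:-$(date +%s)}
  case $1 in
    *.*.*.*) echo "malformed: more than three segments"; return 2 ;;
    *.*.*)   ;;
    *)       echo "malformed: expected header.payload.signature"; return 2 ;;
  esac
  payload=${1#*.}; payload=${payload%%.*}
  json=$(b64url_decode "$payload") || { echo "malformed: payload is not Base64url"; return 2; }
  exp=$(printf '%s\n' "$json" | num_claim exp)
  [ -n "$exp" ] || { echo "no exp claim"; return 2; }
  if [ "$now" -ge "$exp" ]; then
    echo "expired $((now - exp))s ago"; return 1
  fi
  echo "valid for $((exp - now))s"
}

# Constructed sample token with a placeholder signature, not a real credential.
SAMPLE_TOKEN="$(printf '{"alg":"HS256","typ":"JWT"}' | b64url_encode).$(printf '{"iat":1700000000,"exp":1700003600}' | b64url_encode).sig"
jwt_expiry "$SAMPLE_TOKEN" 1700000100   # fixed "now" keeps the output reproducible
```

Omit the second argument to compare against the current time, e.g. jwt_expiry "$TOKEN".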
License
Source code in this card is licensed under the MIT License.