解码 JWT

关于 JWT

什么是 JWT?

JSON Web Token(JWT)是一种紧凑、自包含的方式,用于在各方之间以 JSON 对象的形式安全传递信息。它由三部分组成:头部、载荷和签名。这里的“安全”指签名可以防止内容被篡改,而不是保密:头部和载荷只经过 Base64URL 编码,任何拿到令牌的人都能解码读取,因此不要在载荷中存放敏感数据。

为什么使用 JWT?

当需要无状态身份验证时,尤其是在 API 或分布式系统中,可以使用 JWT。它允许服务器在无需存储会话数据的情况下验证用户身份,前提是服务器先校验签名和有效期,再信任其中的声明;仅解码令牌并不能证明其真实性。

Bash 中的 JWT

Vanilla (base64 + jq)

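# Decode JWT header and payload (inspection only: nothing here verifies the
# signature, so treat the printed claims as untrusted input).

# Decode one base64url segment (RFC 4648 section 5) given as $1 to stdout.
b64url_decode() {
  local seg="$1"
  # JWT segments are emitted without '=' padding; restore it, because
  # `base64 -d` may reject unpadded input as invalid.
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  # Map the URL-safe alphabet (-, _) back to the standard one (+, /).
  printf '%s' "$seg" | tr '_-' '/+' | base64 -d
}

jwt="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
# Decoder errors are no longer sent to /dev/null, so a malformed segment is
# reported instead of silently producing partial output.
b64url_decode "$(echo "$jwt" | cut -d'.' -f1)" | jq .
b64url_decode "$(echo "$jwt" | cut -d'.' -f2)" | jq .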
			

Using jwt-cli

# Install: https://github.com/mike-engel/jwt-cli
# Decodes the token held in $jwt for inspection.
# NOTE(review): no secret or key is passed here, so presumably the signature is
# not checked; treat the output as untrusted and confirm against the jwt-cli docs.
jwt decode "$jwt"
			

JavaScript 中的 JWT

Using jsonwebtoken (Node.js)

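const jwt = require('jsonwebtoken');
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

// jwt.decode() only base64url-decodes the token; it does NOT check the
// signature or the expiry. Use it for inspection and debugging only. Before
// trusting any claim, call jwt.verify(token, key, { algorithms: [...] }) with
// an explicit algorithm allow-list.
const decoded = jwt.decode(token, { complete: true });

// decode() returns null for input that is not a well-formed JWT; fail with a
// clear message instead of a TypeError on `decoded.header`.
if (decoded === null) {
  throw new Error('Token is not a well-formed JWT');
}

console.log(decoded.header);
console.log(decoded.payload);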
			

Vanilla (Browser)

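/**
 * Decode the payload (claims) segment of a compact JWT.
 *
 * The signature is NOT verified: the result is attacker-controllable data and
 * must not be used for authentication or authorization decisions.
 *
 * @param {string} jwtString - Compact JWT (`header.payload.signature`).
 * @returns {*} The parsed JSON payload.
 * @throws {Error} If the token does not have exactly three segments.
 * @throws {SyntaxError} If the payload is not valid JSON.
 */
function decodeJwtPayload(jwtString) {
  const segments = jwtString.split('.');
  if (segments.length !== 3) {
    throw new Error('Malformed JWT: expected three dot-separated segments');
  }
  // base64url -> base64 alphabet; atob tolerates the missing '=' padding.
  const base64 = segments[1].replace(/-/g, '+').replace(/_/g, '/');
  // atob yields one character per byte. Re-read those bytes as UTF-8 so that
  // non-ASCII claims (names, for example) are not turned into mojibake.
  const bytes = Uint8Array.from(atob(base64), (ch) => ch.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
const payload = decodeJwtPayload(token);
console.log(payload);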
			

Vanilla (Node.js)

// Sample compact JWT: header.payload.signature
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

// Take the middle (claims) segment. Nothing below checks the signature, so
// the decoded claims are unauthenticated and for inspection only.
const [, payloadSegment] = token.split('.');

// Buffer understands the unpadded, URL-safe alphabet directly via 'base64url'.
const payloadJson = Buffer.from(payloadSegment, 'base64url').toString();
const payload = JSON.parse(payloadJson);
console.log(payload);
			

Go 语言中的 JWT

Using golang-jwt/jwt

package main
import (
	"fmt"
	"github.com/golang-jwt/jwt/v5"
)
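// main parses and verifies a sample token with golang-jwt, then prints its
// header and claims. Parse returns an error when verification fails.
func main() {
	// NOTE(review): the sample signature appears to belong to a different
	// token and secret, so expect a signature error here until you substitute
	// a token signed with your own key.
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
	parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
		// Placeholder secret: real code should load the key from configuration
		// or a secret store rather than hard-coding it in source.
		return []byte("your-secret"), nil
	},
		// Pin the accepted algorithm. Without an allow-list the parser goes by
		// the "alg" value in the attacker-controlled header.
		jwt.WithValidMethods([]string{"HS256"}),
	)
	if err != nil {
		panic(err)
	}
	fmt.Println(parsed.Header)
	fmt.Println(parsed.Claims)
}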
			

Vanilla (standard library)

package main
import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
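// main decodes the payload segment of a sample JWT using only the standard
// library and prints the claims. The signature is never checked, so the
// output is unauthenticated data suitable for inspection only.
func main() {
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
	parts := strings.Split(token, ".")
	// A compact JWT has exactly three segments; indexing parts[1] without this
	// check panics with an index-out-of-range error on malformed input.
	if len(parts) != 3 {
		panic("malformed JWT: expected 3 dot-separated segments")
	}
	// RawURLEncoding matches JWT's unpadded base64url alphabet.
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		panic(err)
	}
	var claims map[string]interface{}
	// Surface JSON errors instead of silently printing an empty map.
	if err := json.Unmarshal(payload, &claims); err != nil {
		panic(err)
	}
	fmt.Println(claims)
}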
			

PHP 中的 JWT

Using firebase/php-jwt

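<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// NOTE(review): the sample signature appears to belong to a different token
// and secret, so expect a rejection until you substitute a token signed with
// your own key.
$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

try {
    // JWT::decode() verifies the signature. The Key object pins the accepted
    // algorithm ('HS256'), so the "alg" header cannot select another one.
    // 'your-secret' is a placeholder: load the real key from configuration or
    // a secret store, not from source code.
    $decoded = JWT::decode($token, new Key('your-secret', 'HS256'));
} catch (UnexpectedValueException $e) {
    // The library's malformed-token, bad-signature and expiry exceptions
    // derive from UnexpectedValueException. Reject the token explicitly
    // instead of dying with an uncaught exception.
    error_log('JWT rejected: ' . $e->getMessage());
    exit(1);
}
print_r($decoded);
?>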
			

Vanilla

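<?php
/**
 * Decode the payload (claims) segment of a compact JWT.
 *
 * The signature is NOT verified: the returned claims are unauthenticated and
 * must not be used for authentication or authorization decisions.
 *
 * @param string $token Compact JWT (header.payload.signature).
 * @return array Claims as an associative array.
 * @throws InvalidArgumentException If the token does not have three segments.
 * @throws UnexpectedValueException If the payload is not base64url-encoded JSON.
 */
function decode_jwt_payload($token)
{
    $parts = explode(".", $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException("Malformed JWT: expected 3 dot-separated segments");
    }

    // base64url -> base64: swap the URL-safe characters and restore the '='
    // padding that JWT omits, so strict decoding can be used.
    $b64 = strtr($parts[1], "-_", "+/");
    $b64 .= str_repeat("=", (4 - strlen($b64) % 4) % 4);

    // Strict mode returns false on characters outside the alphabet rather
    // than silently skipping them.
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new UnexpectedValueException("JWT payload is not valid base64url");
    }

    $claims = json_decode($json, true);
    if (!is_array($claims)) {
        throw new UnexpectedValueException("JWT payload is not a JSON object");
    }
    return $claims;
}

$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
$payload = decode_jwt_payload($token);
print_r($payload);
?>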