Decode JWT

About JWT

What is a JWT?

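A JSON Web Token (JWT) is a compact, self-contained way to transmit information between parties as a JSON object. It consists of three dot-separated parts: header, payload, and signature. The header and payload are only base64url-encoded, not encrypted, so anyone holding the token can read them; the signature is what lets a recipient detect tampering.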

Why use JWT?

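Use JWTs when you need stateless authentication, especially for APIs or distributed systems, since they let servers authenticate a request by verifying the token's signature and claims instead of looking up stored session data. Decoding a token, as shown below, is not the same as verifying it.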

JWT in Bash

Vanilla (base64 + jq)

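# Decode JWT header and payload (inspection only: the signature is NOT verified,
# so never make an authorization decision from this output).
jwt="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

# JWT segments are base64url without padding. Map the URL-safe alphabet back to
# standard base64 and restore '=' padding so `base64 -d` accepts every valid
# segment. Errors are left visible so a malformed token is not silently ignored.
b64url_decode() {
  local seg
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

b64url_decode "$(printf '%s' "$jwt" | cut -d'.' -f1)" | jq .
b64url_decode "$(printf '%s' "$jwt" | cut -d'.' -f2)" | jq .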
			

Using jwt-cli

# Install: https://github.com/mike-engel/jwt-cli
# Expects $jwt to hold the compact token string.
# NOTE(review): decoding is for inspection only. Confirm in the jwt-cli docs how to
# supply the secret/key if the signature must be validated before trusting the claims.
jwt decode "$jwt"
			

JWT in JavaScript

Using jsonwebtoken (Node.js)

const jwt = require('jsonwebtoken');
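const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
// jwt.decode() only parses the token; it does NOT check the signature, so the
// result is untrusted input. Use jwt.verify() with the expected key and an
// explicit algorithm list before relying on any claim.
const decoded = jwt.decode(token, { complete: true });
if (decoded === null) {
  // decode() returns null for a malformed token instead of throwing, so fail
  // with a clear message rather than a TypeError on the property access below.
  throw new Error('Malformed JWT: could not decode token');
}
console.log(decoded.header);
console.log(decoded.payload);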
			

Vanilla (Browser)

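/**
 * Decode the payload segment of a compact JWT without verifying it.
 *
 * The signature is not checked, so the returned claims are untrusted and must
 * not drive authorization decisions; verification belongs on the server.
 *
 * @param {string} jwtString - Compact JWT (header.payload.signature).
 * @returns {*} The parsed JSON payload.
 * @throws {Error} If the token does not have three dot-separated segments.
 * @throws {SyntaxError} If the payload is not valid JSON.
 */
function decodeJwtPayload(jwtString) {
  const segments = jwtString.split('.');
  if (segments.length !== 3) {
    throw new Error('Malformed JWT: expected three dot-separated segments');
  }
  const base64 = segments[1].replace(/-/g, '+').replace(/_/g, '/');
  // atob() returns one character per byte; decode those bytes as UTF-8 so
  // non-ASCII claim values are not garbled.
  const bytes = Uint8Array.from(atob(base64), (ch) => ch.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
const payload = decodeJwtPayload(token);
console.log(payload);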
			

Vanilla (Node.js)

// Decode only: the third segment (signature) is never checked here, so treat
// the resulting claims as untrusted input.
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
const payloadSegment = token.split('.')[1];
// 'base64url' handles the URL-safe alphabet and the missing padding directly.
const payloadJson = Buffer.from(payloadSegment, 'base64url').toString();
const payload = JSON.parse(payloadJson);
console.log(payload);
			

JWT in Go

Using golang-jwt/jwt

package main
import (
	"fmt"
	"github.com/golang-jwt/jwt/v5"
)
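// main parses and verifies a sample HS256 token, then prints its header and claims.
func main() {
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
	// jwt.Parse verifies the signature with the key returned by the key function.
	// WithValidMethods pins the accepted algorithm so the token's own "alg"
	// header cannot choose how it is verified.
	// "your-secret" is a placeholder: load the real key from configuration.
	// NOTE(review): the sample token is presumably not signed with this
	// placeholder, so expect a signature error until a real pair is used.
	parsed, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
		return []byte("your-secret"), nil
	}, jwt.WithValidMethods([]string{"HS256"}))
	if err != nil {
		panic(err)
	}
	fmt.Println(parsed.Header)
	fmt.Println(parsed.Claims)
}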
			

Vanilla (standard library)

package main
import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
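// main decodes the payload segment of a sample JWT and prints its claims.
// It is decode-only: the signature is never checked, so the claims are
// untrusted and must not be used for authorization decisions.
func main() {
	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
	parts := strings.Split(token, ".")
	// Guard the index below: a malformed token would otherwise panic with an
	// opaque index-out-of-range error.
	if len(parts) != 3 {
		panic("malformed JWT: expected three dot-separated segments")
	}
	// RawURLEncoding matches JWT's unpadded base64url segments.
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		panic(err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(payload, &claims); err != nil {
		panic(err)
	}
	fmt.Println(claims)
}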
			

JWT in PHP

Using firebase/php-jwt

<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// JWT::decode() verifies the signature with the supplied Key and throws on
// failure; the Key object also fixes the algorithm that will be accepted.
// 'your-secret' is a placeholder: load the real secret from configuration.
// NOTE(review): the sample token is presumably not signed with this
// placeholder, so expect an exception until a real token/secret pair is used.
$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
$decoded = JWT::decode(
    $token,
    new Key('your-secret', 'HS256')
);
print_r($decoded);
?>
			

Vanilla

<?php
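// Decode-only: the signature is never checked, so $payload is untrusted input
// and must not be used for authorization decisions.
$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
$parts = explode(".", $token);
if (count($parts) !== 3) {
    throw new InvalidArgumentException("Malformed JWT: expected three dot-separated segments");
}
// Map base64url to standard base64 and restore the padding JWT omits, then
// decode in strict mode so stray characters are rejected instead of skipped.
$b64 = strtr($parts[1], "-_", "+/");
$b64 = str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, "=");
$json = base64_decode($b64, true);
if ($json === false) {
    throw new InvalidArgumentException("Malformed JWT: payload is not valid base64url");
}
$payload = json_decode($json, true);
// json_decode() returns null on invalid JSON; fail loudly instead of printing nothing.
if (!is_array($payload)) {
    throw new InvalidArgumentException("Malformed JWT: payload is not a JSON object");
}
print_r($payload);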
?>