How to decode jwt token in javascript without using a library?

javascript jwt
Chrisk8er picture Chrisk8er · Jul 24, 2016 · Viewed 214.7k times · Source

How can I decode the payload of JWT using JavaScript? Without a library. So the token just returns a payload object that can consumed by my front-end app.

Example token: xxxxxxxxx.XXXXXXXX.xxxxxxxx

And the result is the payload:

{exp: 10012016 name: john doe, scope:['admin']}

Answer

Peheje picture Peheje · Jul 24, 2016

Working unicode text JWT parser function:

function parseJwt (token) {
    var base64Url = token.split('.')[1];
    var base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
    var jsonPayload = decodeURIComponent(atob(base64).split('').map(function(c) {
        return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
    }).join(''));

    return JSON.parse(jsonPayload);
};

Related questions

Invalidating JSON Web Tokens

For a new node.js project I'm working on, I'm thinking about switching over from a cookie based session approach (by this, I mean, storing an id to a key-value store containing user sessions in a user's browser) to a …

Read More
How to send a token with an AJAX request from jQuery

I use express-jwt and create my token via jQuery and save it in my localStorage with: $.ajax({ url: "http://localhost:8080/login", type: 'POST', data: formData, error : function(err) { console.log('Error!', err) }, success: function(data) { console.log('Success!') …

Read More
Best practices to invalidate JWT while changing passwords and logout in node.js?

I would like to know the best practices to invalidate JWT without hitting db while changing password/logout. I have the idea below to handle above 2 cases by hitting the user database. 1.Incase of password changes, I check for password(…

Read More