How to decode jwt token in POSTMAN?

Question

I want to decode jwt token that I received using Postman and implement it in REST API. How can I do that? I saw people posted code to decode the jwt token (reference: How to decode jwt token in javascript without using a library?) but I dont understand how to do it in postman? What url needed to decode the jwt? What headers, authorisation needed?

It's quite unclear what you really want. Decode in Postman? What's the purpose? Click on [edit] to add more information to your question. — jps, Dec 14 '20 at 07:54
@jps https://stackoverflow.com/questions/38552003/how-to-decode-jwt-token-in-javascript-without-using-a-library this is the reference. I wanted to use the code here but not sure how to use this in postman — Kai950, Dec 14 '20 at 08:06

PDHide · Accepted Answer · 2020-12-14T14:20:53.880

Postman supports cryptojs library : https://learning.postman.com/docs/writing-scripts/script-references/postman-sandbox-api-reference/#using-external-libraries

Add below example to postman test script:

let jwt = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.UsrGn95rk5DStcC_WwIr3WIv5rHe2IApX56I58l8uyo`

a = jwt.split('.');


//a.forEach(function (val) {
    var words = CryptoJS.enc.Base64.parse(a[1]);
    var textString = CryptoJS.enc.Utf8.stringify(words);

    console.log(textString)
//})

Output:

The hmacSHA256 is not an encryption algorithm but an Hashing algorithm so there is no way to decode it as hashing is one-way function.

as the last part is in the form

HMACSHA256 of ( base64(header) + "." + base64(body) )

you can try creating it and equating both are equal

score 0 · Answer 2 · answered Dec 14 '20 at 06:01

0

https://jwt.io/ if you'd like, which can solve your problem, you can also download some plugins if you use any IDE

answered Dec 14 '20 at 06:01

Jimmy Guo

1,140
1
8
21

I need to implement it in my API flow so I cant use jwt.io website – Kai950 Dec 14 '20 at 06:13

score 0 · Answer 3 · answered May 02 '22 at 13:57

You can manually parse using atob function that decodes a Base64 string. (https://developer.mozilla.org/pt-BR/docs/Web/API/atob)

And it's available on Postman scripts.

Something like this:

// Sample JWT
let jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'

let [jwtHeader, jwtPayload, jwtSignature] = jwt.split('.')

let jwtPayloadJsonString = atob(jwtPayload)

console.log(jwtPayloadJsonString)

let jwtPayloadJson = JSON.parse(jwtPayloadJsonString)

console.log(jwtPayloadJson)

score 0 · Answer 4 · answered May 13 '22 at 08:59

Building on PDHide’s answer, I came up with this ready-to-use snippet for Postman:

var jsonData = JSON.parse(responseBody);

let [header, payload, signature] = jsonData.access_token.split('.');

function decode(x) {
    let wordArray = CryptoJS.enc.Base64.parse(x);
    let str = CryptoJS.enc.Utf8.stringify(wordArray);
    return JSON.parse(str);
}

console.log("Header: ", decode(header));
console.log("Payload: ", decode(payload));

See this link for more information on the three parts of a JSON Web Token (header, payload and signature).

How to decode jwt token in POSTMAN?

4 Answers4

Linked