6

I want to decode the JWT token that I received using Postman and implement it in a REST API. How can I do that? I saw people posted code to decode the JWT token (reference: How to decode jwt token in javascript without using a library?) but I don't understand how to do it in Postman. What URL is needed to decode the JWT? What headers and authorisation are needed?

Kai950
  • It's quite unclear what you really want. Decode in Postman? What's the purpose? Click on [edit] to add more information to your question. – jps Dec 14 '20 at 07:54
  • @jps https://stackoverflow.com/questions/38552003/how-to-decode-jwt-token-in-javascript-without-using-a-library this is the reference. I wanted to use the code here but not sure how to use this in postman – Kai950 Dec 14 '20 at 08:06

6 Answers

4

Postman supports the CryptoJS library: https://learning.postman.com/docs/writing-scripts/script-references/postman-sandbox-api-reference/#using-external-libraries

Add the example below to the Postman test script:

let jwt = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.UsrGn95rk5DStcC_WwIr3WIv5rHe2IApX56I58l8uyo`

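// Split the token into header, payload and signature
const a = jwt.split('.');

// JWT segments are base64url, so map '-' and '_' back to the standard Base64 alphabet before parsing
var words = CryptoJS.enc.Base64.parse(a[1].replace(/-/g, '+').replace(/_/g, '/'));
var textString = CryptoJS.enc.Utf8.stringify(words);

// Prints the payload as a JSON string
console.log(textString)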


HMAC-SHA256 is not an encryption algorithm but a hashing algorithm, so there is no way to decode it, as hashing is a one-way function.

As the last part is in the form

HMACSHA256 of ( base64(header) + "." + base64(body) )

you can try creating it and checking that both are equal.

PDHide
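The check described in the answer above (recompute HMAC-SHA256 over the first two segments and compare it with the third), as an added example that is not part of any answer on this page. It uses Node's built-in `crypto` module rather than Postman's CryptoJS, and the secret, claims and helper names are constructed for the example.

```javascript
// Added example: verify an HS256 JWT signature with Node's built-in crypto.
const { createHmac, timingSafeEqual } = require('crypto');

// JWT segments are base64url (RFC 7515): '-' and '_' alphabet, no '=' padding.
const b64urlDecode = (s) => Buffer.from(s, 'base64url');
const b64urlEncode = (buf) => Buffer.from(buf).toString('base64url');

// HMAC-SHA256 over the ASCII bytes of "<header>.<payload>" exactly as received.
function hs256(signingInput, secret) {
  return createHmac('sha256', secret).update(signingInput).digest();
}

// Helper used only to build the constructed sample token below.
function signHs256(header, payload, secret) {
  const input = [header, payload]
    .map((o) => b64urlEncode(JSON.stringify(o)))
    .join('.');
  return `${input}.${b64urlEncode(hs256(input, secret))}`;
}

// Returns the decoded payload if the signature checks out, otherwise throws.
function verifyHs256(jwt, secret) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(b64urlDecode(h).toString('utf8'));
  // Pin the algorithm: never let the token choose it (e.g. "none").
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hs256(`${h}.${p}`, secret);
  const actual = b64urlDecode(sig);
  // timingSafeEqual throws on length mismatch, so check the length first.
  if (actual.length !== expected.length || !timingSafeEqual(actual, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(b64urlDecode(p).toString('utf8'));
}

// Constructed sample values (not from the page).
const SECRET = 'example-secret-for-demo-only';
const token = signHs256({ alg: 'HS256', typ: 'JWT' },
                        { sub: 'user-1', name: 'Zoë', admin: false }, SECRET);
console.log(verifyHs256(token, SECRET));
```

Decoding the payload without this check only shows what the token claims; a REST API should read the claims only after the signature has been verified.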
3

You can parse it manually using the atob function, which decodes a Base64 string (https://developer.mozilla.org/pt-BR/docs/Web/API/atob).

It's also available in Postman scripts.

Something like this:

// Sample JWT
let jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'

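// Split the token into its three dot-separated segments
let [jwtHeader, jwtPayload, jwtSignature] = jwt.split('.')

// JWT segments are base64url; atob expects the standard Base64 alphabet
let jwtPayloadJsonString = atob(jwtPayload.replace(/-/g, '+').replace(/_/g, '/'))

console.log(jwtPayloadJsonString)

// Parse the decoded JSON string into an object
let jwtPayloadJson = JSON.parse(jwtPayloadJsonString)

console.log(jwtPayloadJson)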

1

Building on PDHide’s answer, I came up with this ready-to-use snippet for Postman:

var jsonData = JSON.parse(responseBody);

let [header, payload, signature] = jsonData.access_token.split('.');

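// Decode one base64url JWT segment into a JSON object
function decode(x) {
    // Map '-' and '_' back to the standard Base64 alphabet before parsing
    let wordArray = CryptoJS.enc.Base64.parse(x.replace(/-/g, '+').replace(/_/g, '/'));
    let str = CryptoJS.enc.Utf8.stringify(wordArray);
    return JSON.parse(str);
}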

console.log("Header: ", decode(header));
console.log("Payload: ", decode(payload));

See this link for more information on the three parts of a JSON Web Token (header, payload and signature).

kotchwane
1

This approach takes it one step further and uses the Visualizer tab in Postman to create a custom view to display any information you want to see:

https://medium.com/@jeff.heienickle/how-to-decode-a-json-web-token-in-postman-5312b3434462

joos
0

You can use https://jwt.io/ if you'd like, which can solve your problem. You can also download some plugins if you use an IDE.

Jimmy Guo
0

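Using CryptoJS:

// `jwt` holds the token string; JWT segments are base64url, so map '-' and '_' to the standard Base64 alphabet first
const payloadRaw = jwt.split('.')[1].replace(/-/g, '+').replace(/_/g, '/')
const payloadBase64 = CryptoJS.enc.Base64.parse(payloadRaw);
const payload = JSON.parse(payloadBase64.toString(CryptoJS.enc.Utf8));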
Suhas C V