JSON Web Tokens

Example token


Note tokens can be much different sizes depending on what algorithm is used.

Three Parts

echo $JWT | cut -d "." -f1
echo $JWT | cut -d "." -f2
echo $JWT | cut -d "." -f3

All three parts are base64url-encoded (rfc). Neither base64 nor jq fully support base64url encoding, though it works sometimes. The first two parts are JSON, the third is…? The third part is a signature.

In the example token, the first part decodes properly, second part does not.


echo $JWT | cut -d "." -f1 | base64 --decode

Does not completey work, missing last } character:

echo $JWT | cut -d "." -f2 | base64 --decode
{"sub":"1234567890","name":"John Doe","iat":1516239022

More reliable decoding, using only jq:

echo $JWT | jq -R 'gsub("-";"+") | gsub("_";"/") | split(".") | .[1] | @base64d | fromjson'
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022