How to decode JWT token to get details of Header and Payload using nimbus-jose-jwt?
Asked Answered
M

2

3

I have the following JWT token that I want to decode:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UQXhabU14TkRNeVpEZzNNVFUxWkdNME16RXpPREpoWldJNE5ETmxaRFUxT0dGa05qRmlNUSJ9.eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV3YXkiLCJzdWIiOiJTYW1wYXRoIiwiYXBwbGljYXRpb24iOnsiaWQiOjMsIm5hbWUiOiJUZXN0IEpXVCIsInRpZXIiOiJVbmxpbWl0ZWQiLCJvd25lciI6IlNhbXBhdGgifSwic2NvcGUiOiJhbV9hcHBsaWNhdGlvbl9zY29wZSBkZWZhdWx0IiwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwia2V5dHlwZSI6IlBST0RVQ1RJT04iLCJzdWJzY3JpYmVkQVBJcyI6W10sImNvbnN1bWVyS2V5IjoiRlBHa2dKNndQMGZWMUtNS3FkRW83X1U1ZFNFYSIsImV4cCI6MTU0OTU0MjM0NSwiaWF0IjoxNTQ5NTM4NzQ1Mjc4LCJqdGkiOiJjMDU4ODMxYS03Yzg0LTQwZGEtYTFkOC04NWRiNGE2YzY4ZDMifQ==.g3CZ6PfirbN9rUHDhWxXNbqA49ne2Fam_SXWiKUBfQN10ddLIKrY8L8xalQ0DX3LiQg0TmdYspR4vVd3Mfji919UJEFSe894JD-PqFTFcvVsLgLm9pWNoyXNVEz6gTiR5JM_UlAPZ4N8FjCla9tMjRfiG-l4gvdmXhF84_a7IwwVLY7DkOs0m-7UK3evB005QZJ5_vmYEtAFV6pFzSt3Jz_fqEPR4RIkrjUIei7m4KyQ3QEl-_ZuhPn80UrACbFqyIQ0Fl71cMQ5V28AXKt8AitGT53XL0LK-cnNmQqyy8WTNRaWmVAZIW7XOCcHBkg9diWy-uZvHSL3pig9Pfr0sg==

If I do this online, I get the following response:

// HEADER
    {
      "typ": "JWT",
      "alg": "RS256",
      "x5t": "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ"
    },
// PAYLOAD
    {
      "aud": "http://org.wso2.apimgt/gateway",
      "sub": "Sampath",
      "application": {
        "id": 3,
        "name": "Test JWT",
        "tier": "Unlimited",
        "owner": "Sampath"
      },
      "scope": "am_application_scope default",
      "iss": "https://localhost:9443/oauth2/token",
      "keytype": "PRODUCTION",
      "subscribedAPIs": [],
      "consumerKey": "FPGkgJ6wP0fV1KMKqdEo7_U5dSEa",
      "exp": 1549542345,
      "iat": 1549538745278,
      "jti": "c058831a-7c84-40da-a1d8-85db4a6c68d3"
    }

How can I do it using using Java code and Nimbus?

Maybellemayberry answered 28/8, 2019 at 16:12 Comment(0)
A
9

With Nimbus: https://connect2id.com/products/nimbus-jose-jwt/examples/jose-jwt-parsing

pom.xml

<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>nimbus-jose-jwt</artifactId>
    <version>9.x</version>
</dependency>

yourClass.java

/**
 * accessToken: the JWT string text.
**/
private String parseJWT(String accessToken) {
    try {
        var decodedJWT = SignedJWT.parse(accessToken);
        var header = decodedJWT.getHeader().toString();
        var payload = decodedJWT.getPayload().toString();
    } catch (ParseException e) {
        throw new Exception("Invalid token!");
    }
}

You can also change SignedJWT with EncryptedJWT or PlainJWT, depending on the type of token you have (the one in your in your example is a signed one).

Adalie answered 24/6, 2020 at 10:48 Comment(0)
F
1

Include

<dependency>
  <groupId>io.jsonwebtoken</groupId>
  <artifactId>jjwt</artifactId>
  <version>0.9.1</version>
</dependency>

Then try below sample

 public class Test {
        private static Object decode(String jwt) throws NoSuchAlgorithmException, InvalidKeySpecException {
            String publicKeyContent =
                    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPfD8thRbT1Md0xzA55zSzA084bevOGgFg1Jx5n2Fjtk5sJ" +
                            "piTKaWvw92gRoZm0F0UzJ+lo55CiUKWBHIR9y+FcsEotaWjjAx9llqFzbRkCc3x9TCKyCG0Pr6OwRZdAWYFTaEI7m" +
                            "eAfen+LuIUazwYBXfO7nVrzXg4EbMHL+wwUhalOJxkzBhXDOHnWKIQdNBSWUbl3RetWpGWYOzM9ePgGv2GbXgXFp4NYhS" +
                            "hqDewIAhG2KhJHFR4E10GLEOzKep6VhOX3dRH897QuSnud5c" +
                            "hoVrYePldzc2QGJYosgfn/oFfOTb+Kj4HQtOmvJvZZRfI7lWMjOgHen12vH8dOr0QIDAQAB";
    
            KeyFactory kf = KeyFactory.getInstance("RSA");
            X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyContent));
            RSAPublicKey pubKey = (RSAPublicKey) kf.generatePublic(keySpecX509);
            return  Jwts.parser()
                    .setSigningKey(pubKey)
                    .parseClaimsJws(jwt).getBody().get("preferred_username");
        }
    
    
    
        public static void main(String[] arg) throws InvalidKeySpecException, NoSuchAlgorithmException {
            System.out.println(decode("eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJRcm5CVjYwVkZvZF9ZaEw2Um5QNXp1NGNXNWZra1VNZ2EwQWJrdmt0VVo0In0.eyJleHAiOjE2MTY0MjY1NzksImlhdCI6MTYxNjQyNTk3OSwianRpIjoiMDU4ZDNjYzItMGY5OC00ODBlLWI0NGEtM2ExOWUzNDQyNzkzIiwiaXNzIjoiaHR0cDovL3Nlc3Rhd2tjMDFkZXYuYXBpY2EubG9jYWw6ODA4MC9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJzdWIiOiIxMzI1YjM5Ny1mNzk4LTRmYTAtOGE2MC04OWRlM2MzZmQ0YmIiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJzZXNzaW9uX3N0YXRlIjoiY2Y3YzYxN2MtNTFlMy00NGIzLTk0MmItMTk4NDA0NmNlNWNmIiwiYWNyIjoiMSIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4ifQ.J76L_obm89kFAL7zwg5wt1Qni6r7GZYDdgbWCfEKZfKwDc95cOOnfX2ULvglRCJ-Noaq5JKmZgkyg0wRJKeny-9yEwu0KZJuuJXF4pVvjjjYQIY4o4f8XkXaMvZmR4Lvo-MXQr3yKSsSVfWte2rj4nvc_2COQId1e1YLCJR1h00eiahGCzao8UOizmQfMtBSP0V6waSCgi2LUqBGRtoP8xlRD3UD4w4wBS8_H72NXRSLBVHvJ7G6Qy3-yScnVIldibiqhNj5_htiFS7I32sQxLdNluoAXFy3SjkgcX7ibnaZTvE2l7Wn1izMaq3qVUV25FxCJrVpbbzyu8XAL7o0KQ"));
        }
    }
Forcemeat answered 22/3, 2021 at 15:26 Comment(2)
Jwts.parser() and setSigningKey are deprecatedTogliatti
@Togliatti parser is not deprecated.Assumed

© 2022 - 2024 — McMap. All rights reserved.