Is there a nice way (using maybe some library) to get only payload from JWT saved as string variable? Other than manually parsing it for content between first and second dots and then decoding.
1 make your choice: https://jwt.io/#libraries-io – jps Dec 20 '19 at 13:32
2 Man, that's what I'm struggling with. All these libraries provide comprehensive approach. All that I want is to get easily a nice body of payload just like jwt.io allows me to do after pasting JWT into their tool. – salveiro Dec 20 '19 at 14:18
2 Answers
The library PyJWT has an option to decode a JWT without verification:
Without this option, the decode function does not only decode the token but also verifies the signature and you would have to provide the matching key. And that's of course the recommended way.
But if you, for whatever reason, just want to decode the payload, set the option verify_signature to false.
import jwt
key = 'super-secret'
payload = {"id": "1", "email": "myemail@gmail.com"}
token = jwt.encode(payload, key)
print(token)
decoded = jwt.decode(token, options={"verify_signature": False})  # works in PyJWT >= v2.0
print(decoded)
print(decoded["email"])
For PyJWT < v2.0 use:
decoded = jwt.decode(token, verify=False)  # works in PyJWT < v2.0
It returns a dictionary so that you can access every value individually:
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJlbWFpbCI6Im15ZW1haWxAZ21haWwuY29tIn0.ljEqGNGyR36s21NkSf3nv_II-Ed6fNv_xZL6EdbqPvw'
{'id': '1', 'email': 'myemail@gmail.com'}
myemail@gmail.com
Note: there are other JWT libs for Python as well and this might also be possible with other libs.

I used it today and it seems like it needs the algorithm used too:
token = jwt.encode(payload, key=JWT_SECRET, algorithm="HS512")
# algorithms is the list of accepted algorithms
jwt.decode(token, algorithms=["HS512"], verify=True, key=JWT_SECRET)
{'id': '1', 'email': 'myemail@gmail.com'}
