How to decode JWT Token?

jwt-decode npm
jwt-decode angular
jwt decode python
jwt - npm
jwt - java
decode jwt token java
jwt claims
php-jwt

I don't understand how this library works. Could you help me please ?

Here is my simple code :

public void TestJwtSecurityTokenHandler()
    {
        var stream =
            "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJJU1MiLCJzY29wZSI6Imh0dHBzOi8vbGFyaW0uZG5zY2UuZG91YW5lL2NpZWxzZXJ2aWNlL3dzIiwiYXVkIjoiaHR0cHM6Ly9kb3VhbmUuZmluYW5jZXMuZ291di5mci9vYXV0aDIvdjEiLCJpYXQiOiJcL0RhdGUoMTQ2ODM2MjU5Mzc4NClcLyJ9";
        var handler = new JwtSecurityTokenHandler();

        var jsonToken = handler.ReadToken(stream);
    }

This is the error :

The string needs to be in compact JSON format, which is of the form: Base64UrlEncodedHeader.Base64UrlEndcodedPayload.OPTIONAL,Base64UrlEncodedSignature'.

If you copy the stream in jwt.io website, it works fine :)


I found the solution, I just forgot to Cast the result:

var stream ="[encoded jwt]";  
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(stream);
var tokenS = handler.ReadToken(stream) as JwtSecurityToken;

I can get Claims using:

var jti = tokenS.Claims.First(claim => claim.Type == "jti").Value;

Decoding JSON Web Tokens, jwt-decode is a small browser library that helps decoding JWTs token which are Base64Url encoded. IMPORTANT: This library doesn't validate the token, any  To Illustrate, in an Authentication Code flow using OpenID Connect,after a user is authenticated, you can handle the event SecurityTokenValidated which provides you with an authentication context, then you can use it to read the access_token as a jwt token, then you can "merge" tokens that are in the access_token with the standard list of


new JwtSecurityTokenHandler().ReadToken("") will return a SecurityToken

new JwtSecurityTokenHandler().ReadJwtToken("") will return a JwtSecurityToken

If you just change the method you are using you can avoid the cast in the above answer

auth0/jwt-decode: Decode JWT tokens; useful for browser , Working unicode text JWT parser function: function parseJwt (token) { var base64Url = token.split('.')[1]; var base64 = base64Url.replace(/-/g, '+').replace(/_/​g,  JWT Decode - Faster Online utility to Decode JWT. JWT - What is it. JWT tokens also known as JSON Web Token (JWT) are widely used as a means of representing the set of claims for a caller that are issued by the identity provider after authentication and authorization. JWT Token has three parts, separated by dot, and is encoded in Base64.


You need the secret string wich was used to generate encrypt token. This code works for me:

protected string GetName(string token)
    {
        string secret = "this is a string used for encrypt and decrypt token"; 
        var key = Encoding.ASCII.GetBytes(secret);
        var handler = new JwtSecurityTokenHandler();
        var validations = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateIssuer = false,
            ValidateAudience = false
        };
        var claims = handler.ValidateToken(token, validations, out var tokenSecure);
        return claims.Identity.Name;
    }

How to decode jwt token in javascript without using a library?, With JSONwebtoken.io, you can easily encode, decode, and validate JWTs. How to decode JWT token. GitHub Gist: instantly share code, notes, and snippets.


Using .net core jwt packages, the Claims are available:

[Route("api/[controller]")]
[ApiController]
[Authorize(Policy = "Bearer")]
public class AbstractController: ControllerBase
{
    protected string UserId()
    {
        var principal = HttpContext.User;
        if (principal?.Claims != null)
        {
            foreach (var claim in principal.Claims)
            {
               log.Debug($"CLAIM TYPE: {claim.Type}; CLAIM VALUE: {claim.Value}");
            }

        }
        return principal?.Claims?.SingleOrDefault(p => p.Type == "username")?.Value;
    }
}

JSON Web Token (JWT), Before you decode the JWT token, first you need to have an idea about the structure of the JWT token. JWT token consist of 3 main parts. Header, payload and  Set up an Authorization Server to Generate JWTs. In the top menu, click on Applications. Click on Add Application. Select Web and click Next. Enter DecodeJWTs for the Name. Change the Base URIs to the exact URL that your application runs on locally, including the trailing backslash. This should be


Extending on cooxkie answer, and dpix answer, when you are reading a jwt token (such as an access_token received from AD FS), you can merge the claims in the jwt token with the claims from "context.AuthenticationTicket.Identity" that might not have the same set of claims as the jwt token.

To Illustrate, in an Authentication Code flow using OpenID Connect,after a user is authenticated, you can handle the event SecurityTokenValidated which provides you with an authentication context, then you can use it to read the access_token as a jwt token, then you can "merge" tokens that are in the access_token with the standard list of claims received as part of the user identity:

    private Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage,OpenIdConnectAuthenticationOptions> context)
    {
        //get the current user identity
        ClaimsIdentity claimsIdentity = (ClaimsIdentity)context.AuthenticationTicket.Identity;

        /*read access token from the current context*/
        string access_token = context.ProtocolMessage.AccessToken;

        JwtSecurityTokenHandler hand = new JwtSecurityTokenHandler();
        //read the token as recommended by Coxkie and dpix
        var tokenS = hand.ReadJwtToken(access_token);
        //here, you read the claims from the access token which might have 
        //additional claims needed by your application
        foreach (var claim in tokenS.Claims)
        {
            if (!claimsIdentity.HasClaim(claim.Type, claim.Value))
                claimsIdentity.AddClaim(claim);
        }

        return Task.FromResult(0);
    }

How to Decode JWT tokens in node? - Dushan Devinda, Decode JWT tokens, mostly useful for browser applications. jwt-decode is a small browser library that helps decoding JWTs token which are  AD FS Help JWT Decoder. JWT Decoder. Use the JWT Decoder tool to decode an encoded JWT Token and see the contents in clear text. This can be helpful when troubleshooting authentication failures when all you have is a trace.


jwt-decode, Each JWT contains a payload. The payload is a base64 encoded JSON object that sits between the two periods in the token. We can decode this payload by  View the claims inside your JWT. Tooltips help explain the meaning of common claims. If you are concerned about privacy, you'll be happy to know the token is decoded in JavaScript, so stays in your browser.


Decoding JWT Payloads, View the claims inside your JWT. Tooltips help explain the meaning of common claims. If you are concerned about privacy, you'll be happy to know the token is  We have generated code samples based on the input above for different languages. Select the library you use to switch the generated code samples, copy and paste, and that is all. nJwt is the cleanest JSON Web Token (JWT) library for Node.js developers. nJwt removes all the complexities around JWTs, and gives you a simple, intuitive API, that


JSON Web Token, Encoding/Decoding JSON Web Tokens (JWT) in R. 2019-01-20. JavaScript Object Signing and Encryption (JOSE) consists of a set of specifications for  Decode JSON Web Tokens. This is a collection of tools for web developers. Online json formatter, html editor, diff viewer, urlencoder/decoder, base64 encoder/decoder, JWT decoder, image to base64