Decode JWT Without Verification
Decode a JWT payload without verifying the signature (for inspection only).
Code
Python
import base64
import json


def decode_jwt_payload(token):
    # A JWT has three dot-separated parts: header.payload.signature
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("Invalid JWT")
    payload_b64 = parts[1]
    # base64url segments omit "=" padding; restore 0-3 characters as needed
    payload_b64 += "=" * (-len(payload_b64) % 4)
    payload_json = base64.urlsafe_b64decode(payload_b64)
    return json.loads(payload_json)


token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.doz"
# json.dumps prints the claims as JSON, matching the expected output below
print(json.dumps(decode_jwt_payload(token)))
Line-by-line explanation
1. JWT has 3 parts: header.payload.signature.
2. Payload is base64url encoded.
3. Add padding if needed for b64decode.
4. Parse JSON from decoded bytes.
Expected output
{"sub": "1234"}
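Why the decoded payload is for inspection only, shown as an added example that is not part of the original page: a token whose payload bytes were changed still decodes cleanly, and only an HS256 check (the algorithm named in the sample token's header) rejects it. The key, the helper names and both sample tokens are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(segment):
    # JWT segments omit '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def split_token(token):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("Invalid JWT")
    return parts

def inspect_claims(token):
    # Inspection only: no key is involved, so the claims are unauthenticated.
    return json.loads(b64url_decode(split_token(token)[1]))

def verify_hs256(token, key):
    # Pin the algorithm, recompute the MAC over header.payload, then parse.
    header_b64, payload_b64, sig_b64 = split_token(token)
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("Unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("Signature mismatch")
    return json.loads(b64url_decode(payload_b64))

def make_sample(claims, key):
    # Builds a constructed HS256 token so the example runs offline.
    head = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

KEY = b"constructed-demo-key"  # assumption: sample key, not from the page
GENUINE = make_sample({"sub": "1234"}, KEY)
# Constructed sample: same header and signature, different payload bytes.
head, _, sig = GENUINE.split(".")
ALTERED = f"{head}.{b64url_encode(json.dumps({'sub': '9999'}).encode())}.{sig}"

if __name__ == "__main__":
    print(inspect_claims(ALTERED))     # decodes without complaint
    print(verify_hs256(GENUINE, KEY))  # returns claims only after the MAC check
```

Calling `verify_hs256(ALTERED, KEY)` raises `ValueError("Signature mismatch")`, which is the check that should gate any authorization decision based on the claims.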