JWT
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
The most common scenario for using JWT is for authorization. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.
Decode a JWT
To access the claims in the object, you need to decode the JWT.
Here is a JavaScript example of how to do it. Decoding only reads the payload; it does not verify the signature.
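const parseJwt = (token) => {
  try {
    // The payload is the second dot-separated segment, encoded as base64url
    // (RFC 7515), so map its alphabet back to plain base64 before calling atob.
    const base64 = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    // atob returns a byte string; decode it as UTF-8 so non-ASCII claims survive.
    const bytes = Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
    return JSON.parse(new TextDecoder().decode(bytes));
  } catch (e) {
    // Malformed token: missing segment, bad base64, or invalid JSON.
    return null;
  }
};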
When the JWT is decoded you will get a JSON object. Here is an example of a decoded access token:
{
  "iss": "https://identity.api.navigraph.com",
  "aud": "https://identity.api.navigraph.com/resources",
  "exp": 1617199189,
  "nbf": 1617195589,
  "client_id": "website-web",
  "scope": ["openid", "email", "userinfo", "roles", "offline_access"],
  "sub": "02d8aa80-d17f-4424-a85d-a42329217cb3",
  "auth_time": 1617195588,
  "idp": "idsrv",
  "amr": ["password"],
  "subscriptions": ["fmsdata", "charts"]
}
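A decoded payload is only readable, not yet trusted: the signature has to be verified and the claims checked before acting on them. The following is an added example, not Navigraph's code, that checks the `iss`, `aud`, `exp`, `nbf` and `scope` claims of the decoded token shown above; the name `validateClaims`, its options and the 60-second clock-skew default are assumptions, and signature verification is outside its scope.

```javascript
// Added example (not Navigraph code). validateClaims, its options and the
// 60-second clock-skew default are assumptions made for illustration.
// It checks claims only; the token's signature must be verified separately.

// Subset of the claims from the sample access token on this page.
const samplePayload = {
  iss: "https://identity.api.navigraph.com",
  aud: "https://identity.api.navigraph.com/resources",
  exp: 1617199189,
  nbf: 1617195589,
  client_id: "website-web",
  scope: ["openid", "email", "userinfo", "roles", "offline_access"],
  subscriptions: ["fmsdata", "charts"],
};

// Returns a list of problems; an empty list means the claims are acceptable.
const validateClaims = (payload, opts) => {
  const { issuer, audience, scopes = [], skew = 60 } = opts;
  const now = opts.now ?? Math.floor(Date.now() / 1000); // seconds, like exp/nbf
  if (payload === null || typeof payload !== "object") {
    return ["payload is not an object"]; // e.g. parseJwt returned null
  }
  const errors = [];
  if (payload.iss !== issuer) errors.push("iss mismatch");
  // RFC 7519 allows aud to be a single string or an array of strings.
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(audience)) errors.push("aud mismatch");
  // Fail closed: a token without a numeric exp is rejected, not treated as eternal.
  if (typeof payload.exp !== "number") errors.push("exp missing");
  else if (now >= payload.exp + skew) errors.push("token expired");
  if (typeof payload.nbf === "number" && now + skew < payload.nbf) {
    errors.push("token not yet valid");
  }
  // scope may be an array (as in the sample) or a space-separated string.
  const granted = Array.isArray(payload.scope)
    ? payload.scope
    : String(payload.scope ?? "").split(" ");
  for (const s of scopes) if (!granted.includes(s)) errors.push(`missing scope: ${s}`);
  return errors;
};

const expected = {
  issuer: "https://identity.api.navigraph.com",
  audience: "https://identity.api.navigraph.com/resources",
  scopes: ["openid"],
};
console.log(validateClaims(samplePayload, { ...expected, now: 1617195600 }));
```

The fixed `now` keeps the run reproducible against the sample's 2021 timestamps; with the default clock the same token is reported as expired.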