I want to decode jwt token that I received using Postman and implement it in REST API. How can I do that? I saw people posted code to decode the jwt token (reference: How to decode jwt token in javascript without using a library?) but I dont understand how to do it in postman? What url needed to decode the jwt? What headers, authorisation needed?
Postman supports crypto-js library : https://learning.postman.com/docs/writing-scripts/script-references/postman-sandbox-api-reference/#using-external-libraries
Add below example to postman test script:
let CryptoJs = require('crypto-js');
let jwt = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.UsrGn95rk5DStcC_WwIr3WIv5rHe2IApX56I58l8uyo`
a = jwt.split('.');
//a.forEach(function (val) {
var words = CryptoJs.enc.Base64.parse(a[1]);
var textString = CryptoJs.enc.Utf8.stringify(words);
console.log(textString)
//})
Output:
The hmacSHA256 is not an encryption algorithm but an Hashing algorithm so there is no way to decode it as hashing is one-way function.
as the last part is in the form
HMACSHA256 of ( base64(header) + "." + base64(body) )
you can try creating it and equating both are equal