A Bash script to decode JWT token

jwtDecoder.sh

#!/usr/bin/env bash
# HOW TO USE:
# ~$ chmod +x jwtDecoder.sh
# ~$ ./jwtDecoder.sh "<JWT token>"

padding() {
    # $1: base64 string
    local m p=""
    m=$(( ${#1} % 4 ))
    [[ "$m" == 2 ]] && p="=="
    [[ "$m" == 3 ]] && p="="
    echo "${1}${p}"
}

if [[ -z $(command -v jq) ]]; then
    echo "This script will NOT work on your machine."
    echo "Please install jq first: https://stedolan.github.io/jq/download/"
    exit 1
fi

clear
input=("${@}")
input=("${input//$'\n'/}")
input=("${input//' '/}")
token=$(IFS=$'\n'; echo "${input[*]}")

echo -e "JWT token:\\n${token}"
IFS='.' read -ra ADDR <<< "$token"
base64 -d <<< "$(padding "${ADDR[0]}")" | jq
base64 -d <<< "$(padding "${ADDR[1]}")" | jq
echo "Signature: ${ADDR[2]}"

The last section of the JWT is a signature and it is failed to parse in last command jq '.' 2> /dev/null but this is hidden by redirecting error to dev/null.
Instead we can just take section by index

IFS='.' read -ra ADDR <<< "$token"
JWT_HEADER=$(echo "${ADDR[0]}" | base64 -d 2> /dev/null)
JWT_PAYLOAD=$(echo "${ADDR[1]}" | base64 -d 2> /dev/null)
JWT_SIGNATURE="${ADDR[2]}"
echo "JWT Header:"
echo "${JWT_HEADER}" | jq '.'
echo "JWT Payload:"
echo "${JWT_PAYLOAD}" | jq '.'
echo "JWT Signature:"
echo "${JWT_SIGNATURE}"

JWT_SUB=$(echo "$JWT_PAYLOAD" | jq -r .sub)
JWT_EMAIL=$(echo "$JWT_PAYLOAD" | jq -r .email)
echo "sub: $JWT_SUB email: $JWT_EMAIL"

Also related and may be useful:
https://github.com/emcrisostomo/jwt-cli
https://willhaley.com/blog/generate-jwt-with-bash/
https://www.jvt.me/posts/2019/06/13/pretty-printing-jwt-openssl/

Here is an example with verifying a signature
https://gist.github.com/rolandyoung/176dd310a6948e094be6

An example of base64 URL encode/decode
https://github.com/Moodstocks/moodstocks-api-clients/blob/master/bash/base64url.sh

@stokito Thanks for the info 👍