Created
July 18, 2019 04:23
-
-
Save darrenjrobinson/49006fb7670af2e6983da34c9134177d to your computer and use it in GitHub Desktop.
Decode an Azure JWT Token and find expiry time in local timezone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Parse-JWTtoken { | |
| [cmdletbinding()] | |
| param([Parameter(Mandatory = $true)][string]$token) | |
| #Validate as per https://tools.ietf.org/html/rfc7519 | |
| #Access and ID tokens are fine, Refresh tokens will not work | |
| if (!$token.Contains(".") -or !$token.StartsWith("eyJ")) { Write-Error "Invalid token" -ErrorAction Stop } | |
| #Header | |
| $tokenheader = $token.Split(".")[0].Replace('-', '+').Replace('_', '/') | |
| #Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0 | |
| while ($tokenheader.Length % 4) { Write-Verbose "Invalid length for a Base-64 char array or string, adding ="; $tokenheader += "=" } | |
| Write-Verbose "Base64 encoded (padded) header:" | |
| Write-Verbose $tokenheader | |
| #Convert from Base64 encoded string to PSObject all at once | |
| Write-Verbose "Decoded header:" | |
| [System.Text.Encoding]::ASCII.GetString([system.convert]::FromBase64String($tokenheader)) | ConvertFrom-Json | fl | Out-Default | |
| #Payload | |
| $tokenPayload = $token.Split(".")[1].Replace('-', '+').Replace('_', '/') | |
| #Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0 | |
| while ($tokenPayload.Length % 4) { Write-Verbose "Invalid length for a Base-64 char array or string, adding ="; $tokenPayload += "=" } | |
| Write-Verbose "Base64 encoded (padded) payoad:" | |
| Write-Verbose $tokenPayload | |
| #Convert to Byte array | |
| $tokenByteArray = [System.Convert]::FromBase64String($tokenPayload) | |
| #Convert to string array | |
| $tokenArray = [System.Text.Encoding]::ASCII.GetString($tokenByteArray) | |
| Write-Verbose "Decoded array in JSON format:" | |
| Write-Verbose $tokenArray | |
| #Convert from JSON to PSObject | |
| $tokobj = $tokenArray | ConvertFrom-Json | |
| Write-Verbose "Decoded Payload:" | |
| return $tokobj | |
| } | |
| function Convert-UnixTime { | |
| Param([Parameter(Mandatory = $true)][int32]$unixDate) | |
| $orig = (Get-Date -Year 1970 -Month 1 -Day 1 -hour 0 -Minute 0 -Second 0 -Millisecond 0) | |
| $timeZone = Get-TimeZone | |
| $utcTime = $orig.AddSeconds($unixDate) | |
| $localTime = $utcTime.AddHours($timeZone.BaseUtcOffset.Hours) # Return local time | |
| return $localTime | |
| } | |
| $azureToken = Parse-JWTtoken($Global:accesstoken) | |
| $tokenExpires = Convert-UnixTime($azureToken.exp) | |
| $tokenExpires |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment