Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Deconstruct a JWT token for Firebase
// Helper function to extract claims from a JWT. Does *not* verify the
// validity of the token.
// credits:
// polyfill window.atob() for IE8:
// or really fast Base64 by Fred Palmer:
function deconstructJWT(token) {
var segments = token.split(".");
if (!segments instanceof Array || segments.length !== 3) {
throw new Error("Invalid JWT");
var claims = segments[1];
return JSON.parse(decodeURIComponent(escape(window.atob(claims))));
// Moment:
function tokHasTimeLeft(tok) {
if( !tok ) {return false;}
try {
var parts = deconstructJWT(tok);
// default is 24 hrs
var exp = parts.exp? moment.unix(parts.exp) : moment.unix(parts.iat).add('hours', 24);
// returns true if token has at least 12 hours left
return exp.diff(moment(), 'hours') > 12;
catch(e) {
return false;

This comment has been minimized.

Copy link

commented Sep 19, 2017

Hi, you might want to convert from base64url character set to tandard base64 character by adding this:

claim = claim.replace('-', '+').replace('_', '/');


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.