Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Example for decoding a JWT Payload with your Shell (bash, zsh...)


Add this to your .profile, .bashrc, .zshrc...

decode_base64_url() {
  local len=$((${#1} % 4))
  local result="$1"
  if [ $len -eq 2 ]; then result="$1"'=='
  elif [ $len -eq 3 ]; then result="$1"'=' 
  echo "$result" | tr '_-' '/+' | openssl enc -d -base64

   decode_base64_url $(echo -n $2 | cut -d "." -f $1) | jq .

# Decode JWT header
alias jwth="decode_jwt 1"

# Decode JWT Payload
alias jwtp="decode_jwt 2"


jwtp eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ


  "sub": "1234567890",
  "name": "John Doe",
  "admin": true

This comment has been minimized.

Copy link

commented Sep 9, 2016

Hi, thanks for sharing. At least for me (Mac OS X 10.11.6, Bash 4.3.46(1)-release) the argument for base64 has to be -D and not -d.


This comment has been minimized.

Copy link

commented Jul 12, 2018

To pretty print the expiration field, amend the jq . to:

# For local tz
jq 'if .exp then (.expStr = (.exp|gmtime|strftime("%Y-%m-%dT%H:%M:%S %Z"))) else . end'

# For UTC
jq 'if .exp then (.expStr = (.exp|todate)) else . end'


  "sub": "user",
  "exp": 1531376297,
  "expStr": "2018-07-12T06:18:17 PST"

This comment has been minimized.

Copy link

commented Jan 10, 2019

openssl enc -d -base64 doesn't work out of the box on mac (mocos mojave, LibreSSL 2.6.5 openssl version ) with base64 long lines without carriage-returns.

Handle it to be linux/mac compliant with a dummy test on the base64 command:
base64 -d on linux (or mac with linux base64 tool) and base64 -D on mac

Forked here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.