Decode tokens

ReachFive encrypts tokens with either RS256 (asymmetric) or HS256 (symmetric).
The encryption method is set in your client settings (JWT Algorithm).

Refer to the corresponding code samples based on your implementation and preferred language.

Libraries used:

To obtain information about access tokens and refresh tokens, use the Introspection endpoint.

Decode an ID token signed with the client secret (HS256)

The secret is available in your client settings.

  • JavaScript

  • Java

  • Python

  • Ruby

const jwt = require('jwt-simple');

const token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBV19DTUZjaUYtQUMyeGlTdHUtNiIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA5OjAyOjI1Ljk1NVoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTEwOTQ1LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk3MzQ1LCJpYXQiOjE1Nzk1MTA5NDUsImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuNEByZWFjaDUuY28ifQ.kR0RRpNi4gFPUEOwuR1Tilx4imYjM1Owrbrtw6liZv0"
const secret = "KiHTYd2yCaoqRW2V8IxMP81XfyUbLadEZNO0IS02"

var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded);

/* { sub: 'AW-j-f1tNfVshs74ScEz',
  aud: [ 'sg48CdAYohRPeRWZ9j1H' ],
  auth_type: 'password',
  new_user: true,
  email_verified: false,
  updated_at: '2020-01-14T12:14:27.634Z',
  custom_fields: {},
  auth_time: 1579004067,
  iss: 'https://local-sandbox.og4.me',
  exp: 1579090467,
  iat: 1579004067,
  email: 'test-signup@reach5.co' } */
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;

public class App {

    public static void main(String[] args) throws Exception {

        String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBV19DT0RzREYtQUMyeGlTdHVfRiIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA5OjExOjAzLjA1MVoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTExNDYzLCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk3ODYzLCJpYXQiOjE1Nzk1MTE0NjMsImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuNTFAcmVhY2g1LmNvIn0.7XFYdcpRoDjffEHdLVjq1TjmJsojQu91WCWa_xrsI5o";
        String clientSecret = "KiHTYd2yCaoqRW2V8IxMP81XfyUbLadEZNO0IS02";

        byte[] keyBytes = clientSecret.getBytes();
        SecretKey key = Keys.hmacShaKeyFor(keyBytes);

        Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(token);

        System.out.println(jws);
        // header={typ=JWT, alg=HS256},body={sub=AW-qLySZlAKdyioRNMjH,
        // aud=[k6ShTTsHfVE5aXu5uW0i], auth_type=password, new_user=true,
        // email_verified=false, updated_at=2020-01-15T17:10:14.016Z, custom_fields={},
        // auth_time=1579108214, iss=https://test-jc.reach5.net, exp=1579194614,
        // iat=1579108214,
        // email=giverandomtoken@reach5.co},signature=Pv7M7pmT8oAYBDSnd56bmrLlmmgrdjkm9TrGlHh5klE

    }
}
import jwt

def main():
    decoded = jwt.decode(token, secret, algorithm='HS256', audience='sg48CdAYohRPeRWZ9j1H')
    print(decoded)
    # {'sub': 'AW-j-f1tNfVshs74ScEz', 'aud': ['sg48CdAYohRPeRWZ9j1H'], 'auth_type': 'password', 'new_user': True, 'email_verified': False, 'updated_at': '2020-01-14T12:14:27.634Z', 'custom_fields': {}, 'auth_time': 1579004067, 'iss': 'https://local-sandbox.og4.me', 'exp': 1579090467, 'iat': 1579004067, 'email': 'test-signup@reach5.co'}

if __name__ == "__main__":
    secret = "KiHTYd2yCaoqRW2V8IxMP81XfyUbLadEZNO0IS02"
    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBVy1qLWYxdE5mVnNoczc0U2NFeiIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTE0VDEyOjE0OjI3LjYzNFoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5MDA0MDY3LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5MDkwNDY3LCJpYXQiOjE1NzkwMDQwNjcsImVtYWlsIjoidGVzdC1zaWdudXBAcmVhY2g1LmNvIn0.XqW3B-YMTgrlw8eY4I7tIb0U5g1sAEdO3OBCZHC_-dc"
    main()
require 'jwt'

token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBVy1xTHlTWmxBS2R5aW9STk1qSCIsImF1ZCI6WyJrNlNoVFRzSGZWRTVhWHU1dVcwaSJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTE1VDE3OjEwOjE0LjAxNloiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5MTA4MjE0LCJpc3MiOiJodHRwczovL3Rlc3QtamMucmVhY2g1Lm5ldCIsImV4cCI6MTU3OTE5NDYxNCwiaWF0IjoxNTc5MTA4MjE0LCJlbWFpbCI6ImdpdmVyYW5kb210b2tlbkByZWFjaDUuY28ifQ.Pv7M7pmT8oAYBDSnd56bmrLlmmgrdjkm9TrGlHh5klE"
secret = "qP3ubOwFE6Y3pKKGBq330U5XmeZIFvGLbjUP6Wtq"

payload = JWT.decode(token, secret, true, { algorithm: "HS256"})

puts payload

Decode an ID token signed with the public key (RS256)

The account public key in Settings  RSA public key.

  • JavaScript

  • Java

  • Python

  • Ruby

const jwt = require('jwt-simple');

const token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBV19DTXZwckYtQUMyeGlTdHUtOSIsImF1ZCI6WyJWalBKREhZZnFpYnNxYjBKTkN5QSJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA5OjA1OjE4LjkxN1oiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTExMTE4LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk3NTE4LCJpYXQiOjE1Nzk1MTExMTgsImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuNUByZWFjaDUuY28ifQ.PPRVnZj0lBRPyPjd8xEvSdVUWq84rKkmPGx7O-rz1IgfG6VDz18qWtmoLxoQfPHdtdnnqxLKJFAmkOUlliJT9_LZAUL6sSZsf_dKJQtjdH6k-wAwgqtvGC3M-v3Lq-HjjWxdjCvDSny4CgTjPzSusxhh0npSbI_YZkGIpqH0sy2ilQgg0KfoYBe4H64xpYLpiLJUr7hKgUJ3r-JpnYWW_i3iY1thvrbduXaIFsBSO0ufjJtHL5RrJuQ9YmOtQ09zBsX64Tw1ed3FsVbI2Se32bUPjUY64YEohKBXF37NtKMUeuF2O0qI0EZj2VHaY7H7yt4oGfWgTMa3Cddad7M9Ub9-KnuaxgaYOp4rfS5uMI03t6dmz4KSxAQP8h1ch6wsGcn7NjkzGtkpIN1X3hK01WUwYpOrR5bx_kqQMzvS8GUTTn4HBkwSjabLbOE7jqW4kROXK5twvy6gem44OrqM5s_QGlye2hBTKrkEaQaso9JmQ1BTDM3HV53Qk0eXQlyU"
const secret = "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAghVP2Kdv66ZPvRS503aZlUkzPVuNBV8fvjKadyR7xb4/lN7P7tXiCIatpeRcjB+zK3AcfEKGBzPjf6gOzt24+GPuDi4lPWVqgOspYWC1lIzew11zS3VSNHDgk/f2cn2FpbWV+aPU8EXT3rDG39cqGxl6naKFJwcnF5vcpeBORZ0D7GZ97LpXY3F2tFBaLI83O11sqe/YuINShBijuIVnMvvNNdjMHmDsGiWdTHdtNG3nnBTpEp2juRpfdldw/eiwoh3Po9AHHxusy9lCuRYJkNQeiw5XvToyulmxcUM7nDjVA5BHZhX2vneJx+fXLvwYXfl4FmV3yCGo22cXB1PYI4K3aMcC9xBwncFg+QrhKeDOTbvzo9CCe84l0OfsBsxObGHgYVoPSwOmer0AcVje2yscejfta1MVX8vmdfq+0/Jgy0wiY9yFXOYL62bCvcWwtpx/6PKYkK4l67Ics8q4r5d/Qt0s8feZtNaO64GPNzruhTYNmYsKzK6P11t+DYhtAgMBAAE=\n-----END PUBLIC KEY-----"

var decoded = jwt.decode(token, secret, 'RS256');
console.log(decoded);

/* { sub: 'AW-j-f1tNfVshs74ScEz',
  aud: [ 'sg48CdAYohRPeRWZ9j1H' ],
  auth_type: 'password',
  new_user: true,
  email_verified: false,
  updated_at: '2020-01-14T12:14:27.634Z',
  custom_fields: {},
  auth_time: 1579004067,
  iss: 'https://local-sandbox.og4.me',
  exp: 1579090467,
  iat: 1579004067,
  email: 'test-signup@reach5.co' } */
Coming soon
// include::example$decode-token-rs256.java[]
import jwt

def main():
    decoded = jwt.decode(token, public_key, algorithm='RS256', audience='sg48CdAYohRPeRWZ9j1H')
    print(decoded)
    # {'sub': 'AW-j-f1tNfVshs74ScEz', 'aud': ['sg48CdAYohRPeRWZ9j1H'], 'auth_type': 'password', 'new_user': True, 'email_verified': False, 'updated_at': '2020-01-14T12:14:27.634Z', 'custom_fields': {}, 'auth_time': 1579004067, 'iss': 'https://local-sandbox.og4.me', 'exp': 1579090467, 'iat': 1579004067, 'email': 'test-signup@reach5.co'}

if __name__ == "__main__":
    public_key = b'-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAghVP2Kdv66ZPvRS503aZlUkzPVuNBV8fvjKadyR7xb4/lN7P7tXiCIatpeRcjB+zK3AcfEKGBzPjf6gOzt24+GPuDi4lPWVqgOspYWC1lIzew11zS3VSNHDgk/f2cn2FpbWV+aPU8EXT3rDG39cqGxl6naKFJwcnF5vcpeBORZ0D7GZ97LpXY3F2tFBaLI83O11sqe/YuINShBijuIVnMvvNNdjMHmDsGiWdTHdtNG3nnBTpEp2juRpfdldw/eiwoh3Po9AHHxusy9lCuRYJkNQeiw5XvToyulmxcUM7nDjVA5BHZhX2vneJx+fXLvwYXfl4FmV3yCGo22cXB1PYI4K3aMcC9xBwncFg+QrhKeDOTbvzo9CCe84l0OfsBsxObGHgYVoPSwOmer0AcVje2yscejfta1MVX8vmdfq+0/Jgy0wiY9yFXOYL62bCvcWwtpx/6PKYkK4l67Ics8q4r5d/Qt0s8feZtNaO64GPNzruhTYNmYsKzK6P11t+DYhtAgMBAAE=\n-----END PUBLIC KEY-----'
    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBV19DSGNZdEYtQUMyeGlTdHUtdyIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA4OjQyOjA5LjMzNFoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTA5NzI5LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk2MTI5LCJpYXQiOjE1Nzk1MDk3MjksImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuM0ByZWFjaDUuY28ifQ.gd3jV_GhWV9cLrsuLpQ4xf0UbLi0VS9MRANgMhSUFAandFF1PYPk3b4CiPmse_BuYNZV2jnCWqlRHycE1pS3L7G6_e6YJzzwh22X-2HLKvd57JqnKY49aYkO4Raa__r3VYT1adeOmfGh479MEYheE-8CQIWDwQrYoCTlUGEWkHqLsSu_QFvUiZSWjcGbRHZeK2-uOgZXCyW-HZNY2ktk1XdL0qlxWJvidAaWz_5AtcWBVQ8MEe2x28Kc1mtrj7GLtLl3b78TELAG25fFknZvYd0Dfb_2PItsb1v-GwOrs0_U9b0Xacc1wxBys9qqAhKNjDK2zNc2MQYZsJI8fSVceG2R8ko7EfvMi6trFuZuDi1yTel-2U4pvXe8kWsDeCCqLODJDFB3DxmzCxzq5G9rLf_d5NrLaCGvtwMbFr-Cuj6tt6UtscDWzw1lCd24ky8qS2fxZxhN7IZwwcoDCympJsqxp7lc1hwrnAiiY8DFTTfFsiZZl1FhV05HEJ5flOEf"
    main()
Coming soon
# include::example$decode-token-rs256.rb[]
Feedback