Decode tokens

ReachFive encrypts tokens with either RS256 (asymmetric) or HS256 (symmetric).
The encryption method is set in your client settings (JWT Algorithm).

Refer to the corresponding code samples based on your implementation and preferred language.

Libraries used:

To obtain information about access tokens and refresh tokens, use the Introspection endpoint.

Decode an ID token signed with the client secret (HS256)

The secret is available in your client settings.

  • JavaScript

  • Java

  • Python

  • Ruby

const jwt = require('jwt-simple');

const token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBV19DTUZjaUYtQUMyeGlTdHUtNiIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA5OjAyOjI1Ljk1NVoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTEwOTQ1LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk3MzQ1LCJpYXQiOjE1Nzk1MTA5NDUsImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuNEByZWFjaDUuY28ifQ.kR0RRpNi4gFPUEOwuR1Tilx4imYjM1Owrbrtw6liZv0"
const secret = "KiHTYd2yCaoqRW2V8IxMP81XfyUbLadEZNO0IS02"

var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded);

/* { sub: 'AW-j-f1tNfVshs74ScEz',
  aud: [ 'sg48CdAYohRPeRWZ9j1H' ],
  auth_type: 'password',
  new_user: true,
  email_verified: false,
  updated_at: '2020-01-14T12:14:27.634Z',
  custom_fields: {},
  auth_time: 1579004067,
  iss: 'https://local-sandbox.og4.me',
  exp: 1579090467,
  iat: 1579004067,
  email: 'test-signup@reach5.co' } */
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;

public class App {

    public static void main(String[] args) throws Exception {

        String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBV19DT0RzREYtQUMyeGlTdHVfRiIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA5OjExOjAzLjA1MVoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTExNDYzLCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk3ODYzLCJpYXQiOjE1Nzk1MTE0NjMsImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuNTFAcmVhY2g1LmNvIn0.7XFYdcpRoDjffEHdLVjq1TjmJsojQu91WCWa_xrsI5o";
        String clientSecret = "KiHTYd2yCaoqRW2V8IxMP81XfyUbLadEZNO0IS02";

        byte[] keyBytes = clientSecret.getBytes();
        SecretKey key = Keys.hmacShaKeyFor(keyBytes);

        Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(token);

        System.out.println(jws);
        // header={typ=JWT, alg=HS256},body={sub=AW-qLySZlAKdyioRNMjH,
        // aud=[k6ShTTsHfVE5aXu5uW0i], auth_type=password, new_user=true,
        // email_verified=false, updated_at=2020-01-15T17:10:14.016Z, custom_fields={},
        // auth_time=1579108214, iss=https://test-jc.reach5.net, exp=1579194614,
        // iat=1579108214,
        // email=giverandomtoken@reach5.co},signature=Pv7M7pmT8oAYBDSnd56bmrLlmmgrdjkm9TrGlHh5klE

    }
}
import jwt

def main():
    decoded = jwt.decode(token, secret, algorithm='HS256', audience='sg48CdAYohRPeRWZ9j1H')
    print(decoded)
    # {'sub': 'AW-j-f1tNfVshs74ScEz', 'aud': ['sg48CdAYohRPeRWZ9j1H'], 'auth_type': 'password', 'new_user': True, 'email_verified': False, 'updated_at': '2020-01-14T12:14:27.634Z', 'custom_fields': {}, 'auth_time': 1579004067, 'iss': 'https://local-sandbox.og4.me', 'exp': 1579090467, 'iat': 1579004067, 'email': 'test-signup@reach5.co'}

if __name__ == "__main__":
    secret = "KiHTYd2yCaoqRW2V8IxMP81XfyUbLadEZNO0IS02"
    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBVy1qLWYxdE5mVnNoczc0U2NFeiIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTE0VDEyOjE0OjI3LjYzNFoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5MDA0MDY3LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5MDkwNDY3LCJpYXQiOjE1NzkwMDQwNjcsImVtYWlsIjoidGVzdC1zaWdudXBAcmVhY2g1LmNvIn0.XqW3B-YMTgrlw8eY4I7tIb0U5g1sAEdO3OBCZHC_-dc"
    main()
require 'jwt'

token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJBVy1xTHlTWmxBS2R5aW9STk1qSCIsImF1ZCI6WyJrNlNoVFRzSGZWRTVhWHU1dVcwaSJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTE1VDE3OjEwOjE0LjAxNloiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5MTA4MjE0LCJpc3MiOiJodHRwczovL3Rlc3QtamMucmVhY2g1Lm5ldCIsImV4cCI6MTU3OTE5NDYxNCwiaWF0IjoxNTc5MTA4MjE0LCJlbWFpbCI6ImdpdmVyYW5kb210b2tlbkByZWFjaDUuY28ifQ.Pv7M7pmT8oAYBDSnd56bmrLlmmgrdjkm9TrGlHh5klE"
secret = "qP3ubOwFE6Y3pKKGBq330U5XmeZIFvGLbjUP6Wtq"

payload = JWT.decode(token, secret, true, { algorithm: "HS256"})

puts payload

Decode an ID token signed with the public key (RS256)

The account public key in Settings  RSA public key.

  • JavaScript

  • Java

  • Python

  • Ruby

const jwt = require('jwt-simple');

const token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBV19DTXZwckYtQUMyeGlTdHUtOSIsImF1ZCI6WyJWalBKREhZZnFpYnNxYjBKTkN5QSJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA5OjA1OjE4LjkxN1oiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTExMTE4LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk3NTE4LCJpYXQiOjE1Nzk1MTExMTgsImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuNUByZWFjaDUuY28ifQ.PPRVnZj0lBRPyPjd8xEvSdVUWq84rKkmPGx7O-rz1IgfG6VDz18qWtmoLxoQfPHdtdnnqxLKJFAmkOUlliJT9_LZAUL6sSZsf_dKJQtjdH6k-wAwgqtvGC3M-v3Lq-HjjWxdjCvDSny4CgTjPzSusxhh0npSbI_YZkGIpqH0sy2ilQgg0KfoYBe4H64xpYLpiLJUr7hKgUJ3r-JpnYWW_i3iY1thvrbduXaIFsBSO0ufjJtHL5RrJuQ9YmOtQ09zBsX64Tw1ed3FsVbI2Se32bUPjUY64YEohKBXF37NtKMUeuF2O0qI0EZj2VHaY7H7yt4oGfWgTMa3Cddad7M9Ub9-KnuaxgaYOp4rfS5uMI03t6dmz4KSxAQP8h1ch6wsGcn7NjkzGtkpIN1X3hK01WUwYpOrR5bx_kqQMzvS8GUTTn4HBkwSjabLbOE7jqW4kROXK5twvy6gem44OrqM5s_QGlye2hBTKrkEaQaso9JmQ1BTDM3HV53Qk0eXQlyU"
const secret = "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAghVP2Kdv66ZPvRS503aZlUkzPVuNBV8fvjKadyR7xb4/lN7P7tXiCIatpeRcjB+zK3AcfEKGBzPjf6gOzt24+GPuDi4lPWVqgOspYWC1lIzew11zS3VSNHDgk/f2cn2FpbWV+aPU8EXT3rDG39cqGxl6naKFJwcnF5vcpeBORZ0D7GZ97LpXY3F2tFBaLI83O11sqe/YuINShBijuIVnMvvNNdjMHmDsGiWdTHdtNG3nnBTpEp2juRpfdldw/eiwoh3Po9AHHxusy9lCuRYJkNQeiw5XvToyulmxcUM7nDjVA5BHZhX2vneJx+fXLvwYXfl4FmV3yCGo22cXB1PYI4K3aMcC9xBwncFg+QrhKeDOTbvzo9CCe84l0OfsBsxObGHgYVoPSwOmer0AcVje2yscejfta1MVX8vmdfq+0/Jgy0wiY9yFXOYL62bCvcWwtpx/6PKYkK4l67Ics8q4r5d/Qt0s8feZtNaO64GPNzruhTYNmYsKzK6P11t+DYhtAgMBAAE=\n-----END PUBLIC KEY-----"

var decoded = jwt.decode(token, secret, 'RS256');
console.log(decoded);

/* { sub: 'AW-j-f1tNfVshs74ScEz',
  aud: [ 'sg48CdAYohRPeRWZ9j1H' ],
  auth_type: 'password',
  new_user: true,
  email_verified: false,
  updated_at: '2020-01-14T12:14:27.634Z',
  custom_fields: {},
  auth_time: 1579004067,
  iss: 'https://local-sandbox.og4.me',
  exp: 1579090467,
  iat: 1579004067,
  email: 'test-signup@reach5.co' } */
Coming soon
// include::example$decode-token-rs256.java[]
import jwt

def main():
    decoded = jwt.decode(token, public_key, algorithm='RS256', audience='sg48CdAYohRPeRWZ9j1H')
    print(decoded)
    # {'sub': 'AW-j-f1tNfVshs74ScEz', 'aud': ['sg48CdAYohRPeRWZ9j1H'], 'auth_type': 'password', 'new_user': True, 'email_verified': False, 'updated_at': '2020-01-14T12:14:27.634Z', 'custom_fields': {}, 'auth_time': 1579004067, 'iss': 'https://local-sandbox.og4.me', 'exp': 1579090467, 'iat': 1579004067, 'email': 'test-signup@reach5.co'}

if __name__ == "__main__":
    public_key = b'-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAghVP2Kdv66ZPvRS503aZlUkzPVuNBV8fvjKadyR7xb4/lN7P7tXiCIatpeRcjB+zK3AcfEKGBzPjf6gOzt24+GPuDi4lPWVqgOspYWC1lIzew11zS3VSNHDgk/f2cn2FpbWV+aPU8EXT3rDG39cqGxl6naKFJwcnF5vcpeBORZ0D7GZ97LpXY3F2tFBaLI83O11sqe/YuINShBijuIVnMvvNNdjMHmDsGiWdTHdtNG3nnBTpEp2juRpfdldw/eiwoh3Po9AHHxusy9lCuRYJkNQeiw5XvToyulmxcUM7nDjVA5BHZhX2vneJx+fXLvwYXfl4FmV3yCGo22cXB1PYI4K3aMcC9xBwncFg+QrhKeDOTbvzo9CCe84l0OfsBsxObGHgYVoPSwOmer0AcVje2yscejfta1MVX8vmdfq+0/Jgy0wiY9yFXOYL62bCvcWwtpx/6PKYkK4l67Ics8q4r5d/Qt0s8feZtNaO64GPNzruhTYNmYsKzK6P11t+DYhtAgMBAAE=\n-----END PUBLIC KEY-----'
    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBV19DSGNZdEYtQUMyeGlTdHUtdyIsImF1ZCI6WyJzZzQ4Q2RBWW9oUlBlUldaOWoxSCJdLCJhdXRoX3R5cGUiOiJwYXNzd29yZCIsIm5ld191c2VyIjp0cnVlLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInVwZGF0ZWRfYXQiOiIyMDIwLTAxLTIwVDA4OjQyOjA5LjMzNFoiLCJjdXN0b21fZmllbGRzIjp7fSwiYXV0aF90aW1lIjoxNTc5NTA5NzI5LCJpc3MiOiJodHRwczovL2xvY2FsLXNhbmRib3gub2c0Lm1lIiwiZXhwIjoxNTc5NTk2MTI5LCJpYXQiOjE1Nzk1MDk3MjksImVtYWlsIjoiZ2l2ZXJhbmRvbXRva2VuM0ByZWFjaDUuY28ifQ.gd3jV_GhWV9cLrsuLpQ4xf0UbLi0VS9MRANgMhSUFAandFF1PYPk3b4CiPmse_BuYNZV2jnCWqlRHycE1pS3L7G6_e6YJzzwh22X-2HLKvd57JqnKY49aYkO4Raa__r3VYT1adeOmfGh479MEYheE-8CQIWDwQrYoCTlUGEWkHqLsSu_QFvUiZSWjcGbRHZeK2-uOgZXCyW-HZNY2ktk1XdL0qlxWJvidAaWz_5AtcWBVQ8MEe2x28Kc1mtrj7GLtLl3b78TELAG25fFknZvYd0Dfb_2PItsb1v-GwOrs0_U9b0Xacc1wxBys9qqAhKNjDK2zNc2MQYZsJI8fSVceG2R8ko7EfvMi6trFuZuDi1yTel-2U4pvXe8kWsDeCCqLODJDFB3DxmzCxzq5G9rLf_d5NrLaCGvtwMbFr-Cuj6tt6UtscDWzw1lCd24ky8qS2fxZxhN7IZwwcoDCympJsqxp7lc1hwrnAiiY8DFTTfFsiZZl1FhV05HEJ5flOEf"
    main()
Coming soon
# include::example$decode-token-rs256.rb[]
R5 AI Assistant
The R5 AI assistant can make mistakes, verify answers.

Confirm Deletion