Easily Decode a JWT Token in Java with this Step-by-Step Tutorial
Decode a JWT Token in Java
JWT stands for JSON Web Token, and is an open standard for securely exchanging information as JSON objects. JWTs are tokens used to make authentication and authorization decisions, and can contain claims about an entity, such as the entity's identity, roles, or permissions. When using JWT tokens, developers do not need to keep track of client-side state and can use a single token to access multiple services.
The process of decoding JWTs is relatively simple, but it's important to know the structure of the token before attempting to decode it. The overall structure of a JWT consists of three parts: the header, the payload, and the signature. Each of these components is separated by a period (.).
Let's decode a JWT token step by step in Java without using a third-party JWT library. The last step uses org.json only to parse the decoded payload.
Structure of a JWT token.
```
header.payload.signature
```
Each part is Base64URL-encoded: the URL-safe Base64 alphabet (`-` and `_` instead of `+` and `/`), without padding. The three parts are:
- Header: Contains information about the algorithm used for signing the token and the token type.
- Payload: Contains the claims, which are pieces of information about the subject and other data.
- Signature: Used to verify the authenticity of the token. It is created using a secret key and the header and payload.
Decode the JWT token step by step:
Step 1: Split the JWT token into its three parts: header, payload, and signature.
```java
import java.util.Base64;

public class JwtDecoder {
    public static void main(String[] args) {
        String jwtToken = "your_jwt_token_here"; // Replace this with the actual JWT token you want to decode

        // A signed JWT has exactly three dot-separated parts; reject anything else
        String[] jwtParts = jwtToken.split("\\.");
        if (jwtParts.length != 3) {
            throw new IllegalArgumentException("Expected header.payload.signature");
        }
        String header = jwtParts[0];
        String payload = jwtParts[1];
        String signature = jwtParts[2];

        System.out.println("Header: " + header);
        System.out.println("Payload: " + payload);
        System.out.println("Signature: " + signature);
    }
}
```
Step 2: Decode the base64-encoded header and payload.
```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JwtDecoder {
    public static void main(String[] args) {
        String jwtToken = "your_jwt_token_here"; // Replace this with the actual JWT token you want to decode

        String[] jwtParts = jwtToken.split("\\.");
        if (jwtParts.length != 3) {
            throw new IllegalArgumentException("Expected header.payload.signature");
        }
        String header = jwtParts[0];
        String payload = jwtParts[1];
        String signature = jwtParts[2];

        // JWT parts use the URL-safe alphabet, so the URL decoder is required;
        // Base64.getDecoder() throws on '-' and '_'
        Base64.Decoder decoder = Base64.getUrlDecoder();
        String decodedHeader = new String(decoder.decode(header), StandardCharsets.UTF_8);
        String decodedPayload = new String(decoder.decode(payload), StandardCharsets.UTF_8);

        System.out.println("Decoded Header: " + decodedHeader);
        System.out.println("Decoded Payload: " + decodedPayload);
        System.out.println("Signature: " + signature);
    }
}
```
Step 3: Extract and display the claims from the decoded payload.
```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.json.JSONObject; // external dependency (org.json), used only for JSON parsing

public class JwtDecoder {
    public static void main(String[] args) {
        String jwtToken = "your_jwt_token_here"; // Replace this with the actual JWT token you want to decode

        String[] jwtParts = jwtToken.split("\\.");
        if (jwtParts.length != 3) {
            throw new IllegalArgumentException("Expected header.payload.signature");
        }
        String header = jwtParts[0];
        String payload = jwtParts[1];
        String signature = jwtParts[2];

        // JWT parts use the URL-safe alphabet, so the URL decoder is required
        Base64.Decoder decoder = Base64.getUrlDecoder();
        String decodedHeader = new String(decoder.decode(header), StandardCharsets.UTF_8);
        String decodedPayload = new String(decoder.decode(payload), StandardCharsets.UTF_8);

        System.out.println("Decoded Header: " + decodedHeader);
        System.out.println("Decoded Payload: " + decodedPayload);
        System.out.println("Signature: " + signature);

        // Extract claims from the decoded payload
        JSONObject payloadJson = new JSONObject(decodedPayload);
        String subject = payloadJson.getString("sub"); // throws JSONException if "sub" is absent
        System.out.println("Subject: " + subject);

        // Add more claims as needed, like expiration time, issuer, etc.
        // For example (Date requires import java.util.Date):
        // Date expiresAt = new Date(payloadJson.getLong("exp") * 1000L);
        // String issuer = payloadJson.getString("iss");
        // ...
    }
}
```
Conclusion
Remember to replace "your_jwt_token_here" with the actual JWT token you want to decode. When you run this code, it will print out the decoded header and payload, along with the signature in its encoded form. Additionally, it will extract and display the subject claim from the payload. You can extract other claims as needed by accessing the corresponding fields in the payloadJson object.
Please note that manually decoding the JWT token can be error-prone and may not cover all possible scenarios, so using a well-tested library like java-jwt is recommended for production use. Decoding does not verify the signature, so the claims should not be trusted for authentication or authorization until the signature has been checked.
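The signature described above can be checked with the JDK alone before the payload is decoded. The following is an added example, not code from the original tutorial: it assumes the token was signed with HS256 (HMAC-SHA256), and the class name `JwtHs256Check`, the key and the claims are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtHs256Check {
    // Computes HMAC-SHA256 over the signing input "header.payload".
    static byte[] hmac(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Returns the decoded payload only if the signature matches; otherwise throws.
    static String verifyAndDecode(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        byte[] expected = hmac(parts[0] + "." + parts[1], key);
        byte[] actual = Base64.getUrlDecoder().decode(parts[2]);
        // Constant-time comparison; the algorithm is fixed here, never read from the header.
        if (!MessageDigest.isEqual(expected, actual)) {
            throw new SecurityException("signature mismatch");
        }
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and claims, for illustration only.
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString("{\"sub\":\"alice\",\"role\":\"user\"}".getBytes(StandardCharsets.UTF_8));
        String token = header + "." + payload + "." + enc.encodeToString(hmac(header + "." + payload, key));
        System.out.println("Verified payload: " + verifyAndDecode(token, key));

        // Swap in a payload with different claims but keep the original signature.
        String altered = enc.encodeToString("{\"sub\":\"alice\",\"role\":\"admin\"}".getBytes(StandardCharsets.UTF_8));
        try {
            verifyAndDecode(header + "." + altered + "." + token.split("\\.")[2], key);
        } catch (SecurityException e) {
            System.out.println("Rejected altered token: " + e.getMessage());
        }
    }
}
```

Claims such as `exp` and `iss` still need their own checks after the signature passes, which a library like java-jwt performs for you.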