{"id":13796668,"url":"https://github.com/auth0/jwt-decode","last_synced_at":"2025-05-13T15:05:59.453Z","repository":{"id":14436182,"uuid":"17147559","full_name":"auth0/jwt-decode","owner":"auth0","description":"Decode JWT tokens; useful for browser applications.","archived":false,"fork":false,"pushed_at":"2025-03-28T18:51:09.000Z","size":991,"stargazers_count":3310,"open_issues_count":7,"forks_count":338,"subscribers_count":139,"default_branch":"main","last_synced_at":"2025-05-05T22:41:58.848Z","etag":null,"topics":["dx-sdk","jwt"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2014-02-24T19:18:02.000Z","updated_at":"2025-05-03T10:08:09.000Z","dependencies_parsed_at":"2023-02-16T17:45:49.072Z","dependency_job_id":"72a81ff9-0ad0-48f3-afac-b35c5b6debba","html_url":"https://github.com/auth0/jwt-decode","commit_stats":{"total_commits":266,"total_committers":48,"mean_commits":5.541666666666667,"dds":0.736842105263158,"last_synced_commit":"3d372e9875ff673228a9f2d9df74e84690842a9c"},"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwt-decode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwt-decode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwt-decode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0%2Fjwt-decode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0","download_url":"https://codeload.github.com/auth0/jwt-decode/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253969135,"owners_count":21992261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dx-sdk","jwt"],"created_at":"2024-08-03T23:01:13.511Z","updated_at":"2025-05-13T15:05:58.805Z","avatar_url":"https://github.com/auth0.png","language":"TypeScript","readme":"![Browser library that helps decoding JWT tokens which are Base64Url encoded](https://cdn.auth0.com/website/sdks/banners/jwt-decode-banner.png)\n\n**IMPORTANT:** This library doesn't validate the token, any well-formed JWT can be decoded. You should validate the token in your server-side logic by using something like [express-jwt](https://github.com/auth0/express-jwt), [koa-jwt](https://github.com/stiang/koa-jwt), [Microsoft.AspNetCore.Authentication.JwtBearer](https://www.nuget.org/packages/Microsoft.AspNetCore.Authentication.JwtBearer), etc.\n\n![Release](https://img.shields.io/npm/v/jwt-decode)\n![Downloads](https://img.shields.io/npm/dw/jwt-decode)\n[![License](https://img.shields.io/:license-MIT-blue.svg?style=flat)](https://opensource.org/licenses/MIT)\n[![CircleCI](https://img.shields.io/circleci/build/github/auth0/jwt-decode)](https://circleci.com/gh/auth0/jwt-decode)\n\n:books: [Documentation](#documentation) - :rocket: [Getting Started](#getting-started) - :speech_balloon: [Feedback](#feedback)\n\n## Documentation\n\n- [Docs site](https://www.auth0.com/docs) - explore our docs site and learn more about Auth0.\n\n## Getting started\n\n### Installation\n\nInstall with NPM or Yarn.\n\nRun `npm install jwt-decode` or `yarn add jwt-decode` to install the library.\n\n### Usage\n\n```js\nimport { jwtDecode } from \"jwt-decode\";\n\nconst token = \"eyJ0eXAiO.../// jwt token\";\nconst decoded = jwtDecode(token);\n\nconsole.log(decoded);\n\n/* prints:\n * { \n *   foo: \"bar\",\n *   exp: 1393286893,\n *   iat: 1393268893  \n * }\n */\n\n// decode header by passing in options (useful for when you need `kid` to verify a JWT):\nconst decodedHeader = jwtDecode(token, { header: true });\nconsole.log(decodedHeader);\n\n/* prints:\n * { \n *   typ: \"JWT\",\n *   alg: \"HS256\" \n * }\n */\n```\n\n**Note:** A falsy or malformed token will throw an `InvalidTokenError` error; see below for more information on specific errors.\n\n## Polyfilling atob\n\nThis library relies on `atob()`, which is a global function available on [all modern browsers as well as every supported node environment](https://developer.mozilla.org/en-US/docs/Web/API/atob#browser_compatibility).\n\nIn order to use `jwt-decode` in an environment that has no access to `atob()` (e.g. [React Native](https://github.com/facebook/hermes/issues/1178)), ensure to provide the corresponding polyfill in your application by using [`core-js/stable/atob`](https://www.npmjs.com/package/core-js):\n\n```js\nimport \"core-js/stable/atob\";\n```\n\nAlternatively, you can also use [`base-64`](https://www.npmjs.com/package/base-64) and polyfill `global.atob` yourself:\n\n```js\nimport { decode } from \"base-64\";\nglobal.atob = decode;\n```\n\n## Errors\n\nThis library works with valid JSON web tokens. The basic format of these token is\n```\n[part1].[part2].[part3]\n```\nAll parts are supposed to be valid base64 (url) encoded json.\nDepending on the `{ header: \u003coption\u003e }` option it will decode part 1 (only if header: true is specified) or part 2 (default)\n\nNot adhering to the format will result in a `InvalidTokenError` with one of the following messages:\n\n- `Invalid token specified: must be a string` =\u003e the token passed was not a string, this library only works on strings. \n- `Invalid token specified: missing part #` =\u003e this probably means you are missing a dot (`.`) in the token \n- `Invalid token specified: invalid base64 for part #` =\u003e the part could not be base64 decoded (the message should contain the error the base64 decoder gave)\n- `Invalid token specified: invalid json for part #` =\u003e the part was correctly base64 decoded, however, the decoded value was not valid JSON (the message should contain the error the JSON parser gave)\n\n#### Use with TypeScript\n\nThe return type of the `jwtDecode` function is determined by the `header` property of the object passed as the second argument. If omitted (or set to false), it'll use `JwtPayload`, when true it will use `JwtHeader`. \nIf needed, you can specify what the expected return type should be by passing a type argument to the `jwtDecode` function.\n\nYou can extend both `JwtHeader` and `JwtPayload` to include non-standard claims or properties.\n\n```typescript\nimport { jwtDecode } from \"jwt-decode\";\n\nconst token = \"eyJhsw5c\";\nconst decoded = jwtDecode\u003cJwtPayload\u003e(token); // Returns with the JwtPayload type\n```\n\n#### Use as a CommonJS package\n\n```javascript\nconst { jwtDecode } = require('jwt-decode');\n...\n```\n\n#### Include with a script tag\n\nCopy the file `jwt-decode.js` from the root of the `build/esm` folder to your project somewhere, then import `jwtDecode` from it inside a script tag that's marked with `type=\"module\"`:\n\n```html\n\u003cscript type=\"module\"\u003e\n  import { jwtDecode } from \"/path/to/jwt-decode.js\";\n\n  const token = \"eyJhsw5c\";\n  const decoded = jwtDecode(token);\n\u003c/script\u003e\n```\n\n## Feedback\n\n### Contributing\n\nWe appreciate feedback and contribution to this repo! Before you get started, please see the following:\n\n- [Auth0's general contribution guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)\n- [Auth0's code of conduct guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)\n\n### Raise an issue\n\nTo provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/auth0/jwt-decode/issues).\n\n### Vulnerability Reporting\n\nPlease do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png\"   width=\"150\"\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cdn.auth0.com/website/sdks/logos/auth0_dark_mode.png\" width=\"150\"\u003e\n    \u003cimg alt=\"Auth0 Logo\" src=\"https://cdn.auth0.com/website/sdks/logos/auth0_light_mode.png\" width=\"150\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003eAuth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout \u003ca href=\"https://auth0.com/why-auth0\"\u003eWhy Auth0?\u003c/a\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\nThis project is licensed under the MIT license. See the \u003ca href=\"./LICENSE\"\u003e LICENSE\u003c/a\u003e file for more info.\u003c/p\u003e\n","funding_links":[],"categories":["Libraries","TypeScript"],"sub_categories":["JavaScript"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fjwt-decode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0%2Fjwt-decode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0%2Fjwt-decode/lists"}