1
votes

Right now I believe I have most things set up correctly. Auth0 is saving the JWT to the client, who is then using it for future requests. I use express-jwt to verify the token. From reading the Auth0 docs, I think I need the client secret (when I use that to decode the JWT I get an odd error: UnauthorizedError: error:0906D06C:PEM routines:PEM_read_bio:no start line). So I'm just wondering where this secret key comes from? Thanks

2
arcseldon: In the code provided in your question, you are using JWKS and RS256, so no client secret is required in order to verify the token. Difficult to comment further as you have offered limited info. What are you trying to achieve?
Shaun O' Neill: Sorry for the late reply. As far as I knew, Auth0 encodes the user profile into the JWT, so you can access the username and email etc. This is the information that I'm trying to read.
arcseldon: Thanks for clarifying - so you'd like to read the claims from the body of the JWT. Please see my answer below.
arcseldon: This website is helpful for just pasting the JWT in and seeing what it looks like decoded too - jwt.io
Shaun O' Neill: What I mean is, the host website can access the logged-in user's username, but if the server decodes the token, it just gets the base64-decoded contents, not the email etc. which is already in the token.

2 Answers

0
votes

Based on the comment from the OP, to read the values of the body of the JWT, simply base64 decode it. You can use a library for this, e.g. jwt-decode for Node.js.

See example usage below (taken from README for lib):

var jwtDecode = require('jwt-decode');
var token = 'eyJ0eXAiO...'; // your JWT goes here

var decoded = jwtDecode(token);
console.log(decoded);

/* prints:
 * { foo: "bar",
 *   exp: 1393286893,
 *   iat: 1393268893  }
 */

The claims that will be in your token (here, referring to the ID Token) depend on what scope you provided when you authenticated. For instance, if you use scope: openid profile email you will get everything returned inside your ID Token.

Here, it is assumed the JWT was verified using a library, and now that you have the JWT you'd like to read some of its claims from the body.

0
votes

If you are using the express-jwt middleware then the payload is by default saved in the request object and you can access it like this: request.user

Example for an endpoint:

//jwtMiddleware is express-jwt middleware
app.get('/', jwtMiddleware, function (req, res) {
  console.log(req.user);
  res.send('hello world');
});