The library PyJWT has an option to decode a JWT without verification:
Without this option, the decode function does not only decode the token but also verifies the signature and you would have to provide the matching key. And that’s of course the recommended way.
But if you, for whatever reason, just want to decode the payload, set the option verify_signatureto false.
import jwt
key='super-secret'
payload={"id":"1","email":"[email protected]" }
token = jwt.encode(payload, key)
print (token)
decoded = jwt.decode(token, options={"verify_signature": False}) # works in PyJWT >= v2.0
print (decoded)
print (decoded["email"])
For PyJWT < v2.0 use:
decoded = jwt.decode(token, verify=False) # works in PyJWT < v2.0
It returns a dictionary so that you can access every value individually:
b’eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJlbWFpbCI6Im15ZW1haWxAZ21haWwuY29tIn0.ljEqGNGyR36s21NkSf3nv_II-Ed6fNv_xZL6EdbqPvw’
{‘id’: ‘1’, ’email’: ‘[email protected]’}
Note: there are other JWT libs for python as well and this might also be possible with other libs.