auth0 / jwt-decode Goto Github PK

To read the 'kid' property?

I want to validate if the given string is a JWT or not. So basically I do

if (!jwtDecode(AccessIDv)){
//Show error
}
else{
//Verify
}

• It throws an object when I have valid JWT but whenever I put a random string it returns nothing hence !jwtDecode(AccessIDv) the loop doesn't work and throws an HTTP 500 error. Please add a return object when string is not JWT

can you include a type definition file? probably starting off with something like
lib/index.d.ts

function jwtDecode(token: string): any;
namespace jwtDecode {}
export = jwtDecode;

package.json

{
  "typings": "lib/index.d.ts"
}

related PatrickJS/PatrickJS-starter#755 (comment)

I recently worked on 'browserifying' all the things.
So I wanted to use this jwt-decode script from npm.

I used the following syntax global.jwt_decode = require('jwt-decode');
But every time i run gulp it fails Error: Cannot find module 'jwt-decode' from '{{path_to_my_file}}'

I have googled the complete day now and I couldn't find a solution for the problem.

What I already tested:

• Ran npm install --save-dev jwt-decode multiple times.
• Verified that the jwt-decode directory does exist inside the node_modules directory.
• Tested to select the build file directly using ... require('jwt-decode/build/jwt-deocde')
• Tested to select the minified build file directly using ... require('jwt-decode/build/jwt-deocde.min')
• Tested to select the lib file directly using ... require('jwt-decode/lib/index')

I have no idea why this isn't working.
Also on the same setup requiring jQuery works fine.

It will useful to add some method to validate that all three segments of jwt is valid and can be decoded successfully, or additional check can be integrated into the main method, raising error if some of segments not valid

Query 1:

You decode the jwt-token on client-side on the below example
https://github.com/auth0/angularjs-jwt-authentication-tutorial
Because to decode i need the secret-key and if I put the secret-key on client side it definitely not secure.

Query 2:

Also I am try to copy the jwt-token and open the url on another browser and pasted the jwt-token and wallah ...I got authentication. So if someone can get to my browser and copy that token s/he will get the access.

On OS X I've been getting:

grunt test
Running "clean:build" (clean) task
Cleaning build/...OK

....
Running "exec:test-phantom" (exec) task
>> (node:3885) DeprecationWarning: process.EventEmitter is deprecated. Use require('events') instead.

and no outputs.

This can be fixed just by updating Testem deps:

grunt test    

Running "clean:build" (clean) task
Cleaning build/...OK

Running "browserify:dist" (browserify) task
>> Bundle build/jwt-decode.js created.

Running "browserify:dist" (browserify) task
>> Bundle build/jwt-decode.js created.

Running "uglify:min" (uglify) task
File "build/jwt-decode.min.js" created.

Running "exec:test-phantom" (exec) task
ok 1 PhantomJS 2.1 - jwt-decode should fail to construct without a clientID
ok 2 PhantomJS 2.1 - jwt-decode should return header information
ok 3 PhantomJS 2.1 - jwt-decode should work with utf8 tokens
ok 4 PhantomJS 2.1 - jwt-decode should work with binary tokens

1..4
# tests 4
# pass  4
# skip  0
# fail  0

# ok

Done, without errors.

diff --git a/package.json b/package.json
index 050f0d7..03d6167 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
     "grunt-s3": "~0.2.0-alpha.3",
     "mocha": "~1.13.0",
     "rimraf": "~2.2.2",
-    "testem": "~0.5.8",
+    "testem": "~1.14.3",
     "uglify-js": "~2.4.0"
   }
 }

Is it OK to go with PR? (note the change in semver is major one).

I have attempted:

 require([ 'jwt-decode' ], function(jwt_decode) {
     var token = ...;
     var decoded = jwt_decode(token);
 });

I also attempted without assigning jwt_decode in the function (hoping for the global jwt_decode function to be available).

In both cases, jwt_decode is undefined, although the library is definitely being loaded.

I ended up working around this by just including the library directly before doing anything with requirejs.

jwt-decode has it's own dependency to npm base64 -and with latest node.js you can't build the base64 packages anymore. It generates a flood of syntax errors in the base64 package codebase and it seems that this is caused by breaking changes in V8.

Now quite interesting, as stated on the base64 package page (https://github.com/pkrumins/node-base64)

Update: this module may no longer be necessary as nodejs includes its own
base64 encoding/decoding functions.

Is an update of jwt-decode planned somehow? I think best would be to change to native base64 functionality and remove the dependency fully. I didn't knew about those changes and googled around a bit, seems that basic Buffer objects can handle that already pretty well, or do i miss something that would break the current "base64_url_decode" implementation of the jwt-decode package?

http://stackoverflow.com/a/6182519/1214508

what i try for the moment is to create my own common class which tries to replicate the functionality of jwt-decode with basic base64 impl of node.js

'//@ sourceURL' and '//@ sourceMappingURL' are deprecated, please use '//# sourceURL=' and '//# sourceMappingURL=' instead.

Version: 2.0.1

There is an error on line 108 in JWTDecode.swift after updating to XCode 7.0

Hi! I received an alert from my host that the script has a suspicious eval() code, this is the alert:

Debugging it I found that this code came from here https://github.com/auth0/jwt-decode/blob/master/build/jwt-decode.js#L56

Do you think that we have a workaround with this eval function?

Tried to load jwt-decode in an angular 2 project however it always returns jwt-decode is not a module. Can you please add a webpack build?

install in ng2 cli project with npm install jwt_decode. Then load in module through_

import {jwt_decode} from "jwt_decode";

results in error:

Uncaught Error: Cannot find module "jwt_decode"

For now, I'm using the following script instead:

wt_decode (token) {
  var base64Url = token.split('.')[1];
  var base64 = base64Url.replace('-', '+').replace('_', '/');
  return JSON.parse(window.atob(base64));
};

I'm using Babel and Webpack, with Jest set up for testing to use Babel too. Both the browser and the specs show this error when I try to use the library:

InvalidTokenError
    at Object.<anonymous> (/Users/matthewgibson/code/prodmin/node_modules/jwt-decode/lib/index.js:9:31)
    at Runtime._execModule (/Users/matthewgibson/code/prodmin/node_modules/jest-runtime/build/index.js:448:13)
    at Runtime.requireModule (/Users/matthewgibson/code/prodmin/node_modules/jest-runtime/build/index.js:265:14)
    at Runtime.requireModuleOrMock (/Users/matthewgibson/code/prodmin/node_modules/jest-runtime/build/index.js:337:19)
    at Object.<anonymous> (/Users/matthewgibson/code/prodmin/src/redux/selectors/authenticationSelectors.js:2:18)

This is line 2 from authenticationSelectors.js:

import jwtDecoder from 'jwt-decode';

It seems that Jest is trying to run the function that is assigned to module.exports when importing it, rather than just pulling it out as-is. The error is because no arguments are supplied, so the token is undefined.

I was looking for ESM support and couldn't get it to work so I rewrote with ESM support (jrgleason#1) I would say using this then using webpack to make an ES5 version in dist would be the right way to go.

Hey, on NPM page Github repo links are outdated:
https://www.npmjs.com/package/jwt-decode

github.com/auth0/jwt-decode.js
https://github.com/auth0/jwt-decode.js/blob/master/auth0.com
https://github.com/auth0/jwt-decode.js/blob/master/LICENSE.txt

I have tried to install Jwt libraries but does not worked and i got news that is deprecated in latest angular release . :). I also tried https://stackoverflow.com/questions/41818822/how-to-import-the-jwt-decode-type-definition-into-typescript-ionic-2 solution but failed .

I am using interceptor too and HttpClient also .means that new stuff working fine .

but there is bug to decode jwt token and unable to install jwt libraries.

Was removed in a previous commit.

Hi,

This is not an issue but a query. Does JWT-decode work with React-Native? I'm building an app with authentication and this library keeps getting recommended by other developers, but I'm unsure if it works with React-Native.

Would appreciate any input

Thanks,

Alex

The method for parsing json depends on window being available which prohibits use in node.js

I get Invalid token specified: Cannot read property 'replace' of undefined:

Object.<anonymous> ../node_modules/jwt-decode/lib/index.js 9:0
Showing original source content from sourcemap
'use strict';
 var base64_url_decode = require('./base64_url_decode');
 function InvalidTokenError(message) {
  this.message = message;
}
 InvalidTokenError.prototype = new Error();
InvalidTokenError.prototype.name = 'InvalidTokenError';
 
module.exports = function(token, options) {
    if (typeof token !== 'string') {
      throw new InvalidTokenError('Invalid token specified');
    }

Can i get any help ASAP please?!

Does anyone know how to deal with this. I am using jwt_decode script for decoding jwt token. It works well in Chrome and Edge but I got this error in Firefox: ReferenceError: jwt_decode is not defined.

I use this in all my Angular projects, so you might want to include it:

jwtdecode.pipe.ts

import { Pipe, PipeTransform } from "@angular/core";
import * as jwtDecode from "jwt-decode";

@Pipe({ name: "jwtdecode" })
export class JwtDecode implements PipeTransform {
  transform(token: string): any {
    if (!token) return token;
    return jwtDecode(token);
  }
}

app.module

import { JwtDecode } from './pipes/jwtdecode.pipe';

@NgModule({
  declarations: [ JwtDecode, /* ... */ ]
  // ...
})
export class AppModule {
  // ...
}

usage

<pre>{{IdToken | jwtdecode | json}}</pre>
<pre>{{accessToken | jwtdecode | json}}</pre>

Before committing/start using jwt-decode I just want to know still actively maintained.

Thanks for the great work.

I just wanted to express my intense gratitude for this elegant project. It's really helped me in a major project of mine.

Sorry for the out of context, but I have no idea how else to communicate via GitHub.

I think it would be worth it for this library to provide verification as well as the regular decode functionality. You wouldn't want to do this with symmetric key signing, but it'd work well with asymmetric auth.

I think you could probably pull the verify method from node-jsonwebtoken into this codebase without a lot of fuss. What do you guys think? For my use case, I'll need this and I"ll likely fork the library. I could submit a pull request.

I'm getting this error:

Invalid token specified: Cannot read property 'replace' of undefined

I'm using latest Create-React-App and Chrome browser. Please help

It looks like this package isn't being found in the bower repositories. Any chance that can be fixed? :)

InvalidTokenError: Invalid token specified
when logout i am clearing the local storage.

lines 131-132-133-134
const token = this.getJWTFromCookies();
console.log(token);
const jwtDecode = require('jwt-decode');
const decoded = jwtDecode(token);

Traceback:

core.js:1671 ERROR Error: Uncaught (in promise): InvalidTokenError: Invalid token specified: Cannot read property 'replace' of undefined
InvalidTokenError
at Object../node_modules/jwt-decode/lib/index.js (index.js:9)
at webpack_require (bootstrap:76)
at Object../src/app/_services/authentication.service.ts (appointments.service.ts:39)
at webpack_require (bootstrap:76)
at Object../src/app/appointments/update-appointment/update-appointment.component.ts (main.js:11191)
at webpack_require (bootstrap:76)
at Object../src/app/app.module.ts (app.config.ts:8)
at webpack_require (bootstrap:76)
at Object../src/main.ts (environment.ts:8)
at webpack_require (bootstrap:76)
at Object../node_modules/jwt-decode/lib/index.js (index.js:9)
at webpack_require (bootstrap:76)
at Object../src/app/_services/authentication.service.ts (appointments.service.ts:39)
at webpack_require (bootstrap:76)
at Object../src/app/appointments/update-appointment/update-appointment.component.ts (main.js:11191)
at webpack_require (bootstrap:76)
at Object../src/app/app.module.ts (app.config.ts:8)
at webpack_require (bootstrap:76)
at Object../src/main.ts (environment.ts:8)
at webpack_require (bootstrap:76)
at resolvePromise (zone.js:814)
at new ZoneAwarePromise (zone.js:894)
at AuthenticationService.push../src/app/_services/authentication.service.ts.AuthenticationService.resolveRouting (authentication.service.ts:96)
at authentication.service.ts:70
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (zone.js:388)
at Object.onInvoke (core.js:3825)
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (zone.js:387)
at Zone.push../node_modules/zone.js/dist/zone.js.Zone.run (zone.js:138)
at zone.js:872
at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:421)
defaultErrorLogger @ core.js:1671
push../node_modules/@angular/core/fesm5/core.js.ErrorHandler.handleError @ core.js:1717
next @ core.js:4320
schedulerFn @ core.js:3556
push../node_modules/rxjs/_esm5/internal/Subscriber.js.SafeSubscriber.__tryOrUnsub @ Subscriber.js:195
push../node_modules/rxjs/_esm5/internal/Subscriber.js.SafeSubscriber.next @ Subscriber.js:133
push../node_modules/rxjs/_esm5/internal/Subscriber.js.Subscriber._next @ Subscriber.js:77
push../node_modules/rxjs/_esm5/internal/Subscriber.js.Subscriber.next @ Subscriber.js:54
push../node_modules/rxjs/_esm5/internal/Subject.js.Subject.next @ Subject.js:47
push../node_modules/@angular/core/fesm5/core.js.EventEmitter.emit @ core.js:3540
(anonymous) @ core.js:3847
push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke @ zone.js:388
push../node_modules/zone.js/dist/zone.js.Zone.run @ zone.js:138
push../node_modules/@angular/core/fesm5/core.js.NgZone.runOutsideAngular @ core.js:3784
onHandleError @ core.js:3847
push../node_modules/zone.js/dist/zone.js.ZoneDelegate.handleError @ zone.js:392
push../node_modules/zone.js/dist/zone.js.Zone.runGuarded @ zone.js:154
_loop_1 @ zone.js:677
api.microtaskDrainDone @ zone.js:686
drainMicroTaskQueue @ zone.js:602
push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask @ zone.js:500
invokeTask @ zone.js:1540
globalZoneAwareCallback @ zone.js:1566
error (async)
customScheduleGlobal @ zone.js:1666
push../node_modules/zone.js/dist/zone.js.ZoneDelegate.scheduleTask @ zone.js:407
onScheduleTask @ zone.js:297
push../node_modules/zone.js/dist/zone.js.ZoneDelegate.scheduleTask @ zone.js:401
push../node_modules/zone.js/dist/zone.js.Zone.scheduleTask @ zone.js:232
push../node_modules/zone.js/dist/zone.js.Zone.scheduleEventTask @ zone.js:258
(anonymous) @ zone.js:1831
(anonymous) @ http.js:1628
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable._trySubscribe @ Observable.js:42
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable.subscribe @ Observable.js:28
(anonymous) @ subscribeTo.js:21
subscribeToResult @ subscribeToResult.js:6
push../node_modules/rxjs/_esm5/internal/operators/mergeMap.js.MergeMapSubscriber._innerSub @ mergeMap.js:70
push../node_modules/rxjs/_esm5/internal/operators/mergeMap.js.MergeMapSubscriber._tryNext @ mergeMap.js:67
push../node_modules/rxjs/_esm5/internal/operators/mergeMap.js.MergeMapSubscriber._next @ mergeMap.js:50
push../node_modules/rxjs/_esm5/internal/Subscriber.js.Subscriber.next @ Subscriber.js:54
(anonymous) @ scalar.js:5
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable._trySubscribe @ Observable.js:42
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable.subscribe @ Observable.js:28
push../node_modules/rxjs/_esm5/internal/operators/mergeMap.js.MergeMapOperator.call @ mergeMap.js:28
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable.subscribe @ Observable.js:23
push../node_modules/rxjs/_esm5/internal/operators/filter.js.FilterOperator.call @ filter.js:15
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable.subscribe @ Observable.js:23
push../node_modules/rxjs/_esm5/internal/operators/map.js.MapOperator.call @ map.js:18
push../node_modules/rxjs/_esm5/internal/Observable.js.Observable.subscribe @ Observable.js:23
push../src/app/_services/authentication.service.ts.AuthenticationService.tokenConfiguration @ authentication.service.ts:64
push../src/app/_services/authentication.service.ts.AuthenticationService.login @ authentication.service.ts:59
push../src/app/auth/login/login.component.ts.LoginComponent.onSubmit @ login.component.ts:62
(anonymous) @ LoginComponent.html:9
handleEvent @ core.js:10259
callWithDebugContext @ core.js:11352
debugHandleEvent @ core.js:11055
dispatchEvent @ core.js:7718
(anonymous) @ core.js:9198
schedulerFn @ core.js:3568
push../node_modules/rxjs/_esm5/internal/Subscriber.js.SafeSubscriber.__tryOrUnsub @ Subscriber.js:195
push../node_modules/rxjs/_esm5/internal/Subscriber.js.SafeSubscriber.next @ Subscriber.js:133
push../node_modules/rxjs/_esm5/internal/Subscriber.js.Subscriber._next @ Subscriber.js:77
push../node_modules/rxjs/_esm5/internal/Subscriber.js.Subscriber.next @ Subscriber.js:54
push../node_modules/rxjs/_esm5/internal/Subject.js.Subject.next @ Subject.js:47
push../node_modules/@angular/core/fesm5/core.js.EventEmitter.emit @ core.js:3540
push../node_modules/@angular/forms/fesm5/forms.js.NgForm.onSubmit @ forms.js:3801
(anonymous) @ LoginComponent.html:8
handleEvent @ core.js:10259
callWithDebugContext @ core.js:11352
debugHandleEvent @ core.js:11055
dispatchEvent @ core.js:7718
(anonymous) @ core.js:8162
(anonymous) @ platform-browser.js:995
push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask @ zone.js:421
onInvokeTask @ core.js:3816
push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask @ zone.js:420
push../node_modules/zone.js/dist/zone.js.Zone.runTask @ zone.js:188
push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask @ zone.js:496
invokeTask @ zone.js:1540
globalZoneAwareCallback @ zone.js:1566

This broke yesterday

Can i get any help ASAP please?!

Hi, I'm struggling with jwt-decode in my react native app, whenever I start expo i get Invalid Token Specified error, what am i missing? Here is my code:

var jwt_decode = require('jwt-decode');
import { AsyncStorage } from 'react-native';
const initialState = {
  user: null
};
if (AsyncStorage.getItem('jwtToken')) {
  const decodedToken = jwt_decode(AsyncStorage.getItem('jwtToken'));

  if (decodedToken.exp * 1000 < Date.now()) {
    AsyncStorage.removeItem('jwtToken');
  } else {
    initialState.user = decodedToken;
  }
}

const AuthContext = createContext({
  user: null,
  login: (userData) => {},
  logout: () => {}
});

function authReducer(state, action) {
  switch (action.type) {
    case 'LOGIN':
      return {
        ...state,
        user: action.payload
      };
    case 'LOGOUT':
      return {
        ...state,
        user: null
      };
    default:
      return state;
  }
}

function AuthProvider(props) {
  const [state, dispatch] = useReducer(authReducer, initialState);

  login = async (userData) => {
    try{
      await AsyncStorage.setItem('jwtToken', userData.token);
      dispatch({
      type: 'LOGIN',
      payload: userData
    });
  } catch(e) {
    // save error
  }
  }

  logout = async () => {
    try{
    await AsyncStorage.removeItem('jwtToken');
    dispatch({ type: 'LOGOUT' });
    } catch(e) {
      // save error
    }
  }

  return (
    <AuthContext.Provider
      value={{ user: state.user, login, logout }}
      {...props}
    />
  );
}

export { AuthContext, AuthProvider };`

I am following your Code as usually ,

Firstly i installed this npm install jwt-decode --save

after that

var logindata = " token"

var token = logindata;
var decoded = jwt_decode(token);
alert(":"+decoded);

getting Error

How can we know what has changed or if there are any security related updates?

Thanks.

Release for swift 3?

I'm seeing a 'Invalid calling object' exception in IE 11 when calling jwtDecode with my token. Other browsers seem to all be working.

It looks like this may be related to not binding window.atob in lib/atob.js when the polyfill isn't used.

Stack:

{exception} :
  description: "Invalid calling object",
  message: "Invalid calling object",
  name: "TypeError",
  number: -2147418113,
  stack "TypeError: Invalid calling object\n   at b64DecodeUnicode (eval code:4:3)\n   at module.exports (eval code:29:5)\n   at module.exports (eval code:10:3)\n   at updateAuthToken (eval code:34:3)\n   at auth (eval code:96:7)\n   at combination (eval code:117:7)\n   at dispatch (eval code:179:7)\n   at Anonymous function (eval code:208:13)\n   at Anonymous function (eval code:14:9)\n   at Anonymous function (eval code:140:9)"

Manual checks via debugger in b64DecodeUnicode:

window.atob('test')
"µë-"
atob('test')
Invalid calling object
atob
function atob() { [native code] }
atob === window.atob
True
var bound_atob = window.atob.bind(window);
undefined
bound_atob('test')
"µë-"

I'm in need to receive not the payload but the HEADER of a jwt. I was surprised when I found out, that jwt_decode just statically uses the [1] index of the jwt.
(here: https://github.com/auth0/jwt-decode/blob/master/lib/index.js#L10)

May I suggest to add an alternative option argument to handle that issue? Something like:

jwt_decode(token,{ header: true });

or am I missing something fundamental?

As far as I could understand, jwt-decode doesn't check if the token expired, does it?
If yes, how can I check if the token expired?
If not, is there any way to do that easily?
Thanks

This is a great lib, and I like that it's available via Bower.

One thing that would make it even better would be to publish a named AMD. They play well with ES6 modules and are used in e.g. ember-cli (the official tooling for Ember.js).

Here is an example of a library that exports a plain amd and a named-amd (for reference):
https://github.com/instructure/ic-ajax/tree/master/dist

More on AMD:
http://requirejs.org/docs/whyamd.html

According to MDN the global escape method used in base64_url_decode.js is deprecated and should not be relied on.

Some of our users have randomly been getting errors like and Invalid token specified: e is undefined thrown when their token is decoded. The odd thing is, I've checked all of their tokens and they all look fine. Does anybody know where I should start looking to figure out what the issue might be here?

For what it's worth, I'm logging out the token before I run it through jwt_decode() and all of our logs get recorded so I know that the token is there and that it's a valid token. Also, I think this has only ever come up in Firefox.

what should I do after the following

var jwtDecode = require('jwt-decode');

I am very new to typescript and node

`import * as JWT from 'jwt-decode';

decodeToken(token: string) {
return JWT(token);
}
`
I have this error when i decode my token : Invalid token specified: Cannot read property 'replace' of undefined

An idea ?

It appears this package doesn't support GZIP support. Any chance that is being looked at as JWT supports GZIP.

Inside a worker thread it throws error due to missing window object.

https://github.com/AndrewSB/Expirable

This github has a great way for detecting if a JWT is soon to be expired as well as expiresAt.

Was wondering if it was able to be subclassed