1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import { decode as base64url } from './base64url.ts'import { decoder } from '../lib/buffer_utils.ts'import isObject from '../lib/is_object.ts'import type { JWTPayload } from '../types.d.ts'import { JWTInvalid } from './errors.ts'
/** * Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set types or * values. This does not validate the JWS Signature. For a proper Signed JWT Claims Set validation * and JWS signature verification use `jose.jwtVerify()`. For an encrypted JWT Claims Set validation * and JWE decryption use `jose.jwtDecrypt()`. * * @param jwt JWT token in compact JWS serialization. */export function decodeJwt<PayloadType = JWTPayload>(jwt: string): PayloadType & JWTPayload {  if (typeof jwt !== 'string')    throw new JWTInvalid('JWTs must use Compact JWS serialization, JWT must be a string')
  const { 1: payload, length } = jwt.split('.')
  if (length === 5) throw new JWTInvalid('Only JWTs using Compact JWS serialization can be decoded')  if (length !== 3) throw new JWTInvalid('Invalid JWT')  if (!payload) throw new JWTInvalid('JWTs must contain a payload')
  let decoded: Uint8Array  try {    decoded = base64url(payload)  } catch {    throw new JWTInvalid('Failed to base64url decode the payload')  }
  let result: unknown  try {    result = JSON.parse(decoder.decode(decoded))  } catch {    throw new JWTInvalid('Failed to parse the decoded payload as JSON')  }
  if (!isObject<PayloadType & JWTPayload>(result)) throw new JWTInvalid('Invalid JWT Claims Set')
  return result}