Decode JWT Tokens With Dataweave and MuleSoft
A developer explains the concepts behind JSON Web Tokens (JWTs) and how to decode them in your application using Java, MuleSoft, and DataWeave.
CORE
·
Join the DZone community and get the full member experience.
Join For FreeIntroduction
JWT stands for JSON Web Tokens and it represents the claims that needs to be securely transferred between two parties. It's a light weight, JSON-based, URL safe token and claim that is encoded as a JSON object which is digitally signed with a JSON Web Signature (JWS) and encrypted using JSON Web encryption (JWE).
JSON Web Token is Base64 encoded and it consists of three parts separated by the dots (.).
- Header
- Body
- Signature
JWT Tokens look like the following:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header - eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
Body - eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ
Signature - SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
You can use jwt.io for decoding the JWT token.
It is also possible to decode JWT programmatically using Java or any other languages. Below is some Java code to create JWTs.
Java Code
xxxxxxxxxx
package com.jwt.decode;
import org.apache.commons.codec.binary.Base64;
public class DecodeJWT {
public static String decodeJWTHeader(String jwtToken)
{
String[] splitToken = jwtToken.split("\\.");
String encodedHeader= splitToken[0];
Base64 base64Url = new Base64(true);
String header = new String(base64Url.decode(encodedHeader));
return header;
}
public static String decodeJWTBody(String jwtToken)
{
String[] splitToken = jwtToken.split("\\.");
String encodedBody= splitToken[1];
Base64 base64Url = new Base64(true);
String body = new String(base64Url.decode(encodedBody));
return body;
}
public static String decodeJWTSignature(String jwtToken)
{
String[] splitToken = jwtToken.split("\\.");
String encodedSignature= splitToken[2];
Base64 base64Url = new Base64(true);
String signature = new String(base64Url.decode(encodedSignature));
return signature;
}
}
POM Dependency:
xxxxxxxxxx
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.10</version>
</dependency>
In the above Java code, there are three functions for decoding and extracting the Header, Body, and Signature.
Decode JWT Token With MuleSoft Dataweave
MuleSoft provides the dw::core::Binaries library that can be used to decode the JWT Token. This library has a function, fromBase64, that can be used to decode the JWT Token. Below is the Dataweave code showing how to decode a JWT token and extract the header and body.
Dataweave
xxxxxxxxxx
%dw 2.0
import fromBase64 from dw::core::Binaries
output application/json
var splitPayload = (payload.token splitBy ".")
---
{
header:read(fromBase64(splitPayload[0]),"application/json"),
body:read(fromBase64(splitPayload[1]),"application/json")
}
The read function basically reads the string or binary and returns the parsed content. In this case, fromBase64 will return a string and, using the read function, it will be converted into JSON.
Input
xxxxxxxxxx
{ "token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
Output
xxxxxxxxxx
{
"header": {
"alg": "HS256",
"typ": "JWT"
},
"body": {
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
}
This shows how easily you can decode the JWT token using MuleSoft Dataweave.
Opinions expressed by DZone contributors are their own.
Comments