jwt_decode
Decode a JWT to extract its header, payload, and signature without verification, enabling detailed analysis of token contents. Part of the JWT Auditor MCP Server for advanced token auditing.
Instructions
Decode a JWT and return its header, payload, and signature (no verification).
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| token | Yes |
Implementation Reference
- server.py:9-29 (handler)The jwt_decode tool handler, decorated with @server.tool() for registration. Decodes a JWT token by splitting into parts, padding and base64 decoding header and payload, and returning them along with the raw signature. Handles errors gracefully.@server.tool() def jwt_decode(token: str) -> dict: """Decode a JWT and return its header, payload, and signature (no verification).""" try: header_b64, payload_b64, signature_b64 = token.split(".") def b64decode(data): # Add padding if needed rem = len(data) % 4 if rem: data += '=' * (4 - rem) return base64.urlsafe_b64decode(data.encode()) header = json.loads(b64decode(header_b64)) payload = json.loads(b64decode(payload_b64)) signature = signature_b64 return { "header": header, "payload": payload, "signature": signature } except Exception as e: return {"error": str(e)}
- server.py:9-9 (registration)MCP tool registration decorator for the jwt_decode function.@server.tool()