jwt_decode
Decode JWT tokens to inspect header, payload, and signature components without verification for security auditing and analysis.
Instructions
Decode a JWT and return its header, payload, and signature (no verification).
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| token | Yes |
Implementation Reference
- server.py:9-29 (handler)The jwt_decode tool handler function. It is registered via the @server.tool() decorator. The function splits the JWT token into header, payload, and signature parts, base64 decodes the header and payload (handling padding), parses them as JSON, and returns a dict with header, payload, and raw signature. Errors are caught and returned as {"error": str(e)}.
@server.tool() def jwt_decode(token: str) -> dict: """Decode a JWT and return its header, payload, and signature (no verification).""" try: header_b64, payload_b64, signature_b64 = token.split(".") def b64decode(data): # Add padding if needed rem = len(data) % 4 if rem: data += '=' * (4 - rem) return base64.urlsafe_b64decode(data.encode()) header = json.loads(b64decode(header_b64)) payload = json.loads(b64decode(payload_b64)) signature = signature_b64 return { "header": header, "payload": payload, "signature": signature } except Exception as e: return {"error": str(e)}