I've configured Postman to retrieve my JWT access token from my Identity Provider. I'd like to store some of the properties stored in the access token as variables (e.g sub, aud, scope).
jwt.io can decode the access token so I was wondering if there was anything in Postman (I couldn't find anything) or some other way to do this.
Postman supports cryptojs library : https://learning.postman.com/docs/writing-scripts/script-references/postman-sandbox-api-reference/#using-external-libraries
Add below example to postman test script:
let jwt = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0b3B0YWwuY29tIiwiZXhwIjoxNDI2NDIwODAwLCJodHRwOi8vdG9wdGFsLmNvbS9qd3RfY2xhaW1zL2lzX2FkbWluIjp0cnVlLCJjb21wYW55IjoiVG9wdGFsIiwiYXdlc29tZSI6dHJ1ZX0.UsrGn95rk5DStcC_WwIr3WIv5rHe2IApX56I58l8uyo`
a = jwt.split('.');
//a.forEach(function (val) {
var words = CryptoJS.enc.Base64.parse(a[1]);
var textString = CryptoJS.enc.Utf8.stringify(words);
console.log(textString)
//})
Output:
The hmacSHA256 is not an encryption algorithm but an Hashing algorithm so there is no way to decode it as hashing is one-way function.
as the last part is in the form
HMACSHA256 of ( base64(header) + "." + base64(body) )
you can try creating it and equating both are equal