How to decode jwt in php/laravel without the secret key or without validation?

Question

So my situation is I am receiving a jwt from another api. If I want to verify the jwt, I will also send a request to that API.

If I want to decode it in my frontend Javascript (React), I just need to get the jwt-decode library. This library doesn't check if the token is still valid, it just decodes it.

Now I'm looking for a similar way to achieve this in php/laravel. I checked tymon/jwt-auth and firebase/php-jwt. Both only works if the token is created by the same library. Firebase jwt requires key when you decode a token and it is nowhere in Tymon's docs how you will decode token created from other library...

So that's basically is my issue, is there a way to decode jwt created by another library with php/laravel?

Answer 1

You only need to explode your JWT response before decoding. JWT is just base64 url encoded parts separated by dots (.) and index 1 is your payloads.

Your encoded string is replaced with the $response mentioned below.

$response = explode('.', $response);
$response = base64_decode($response[1]);

Answer 2

You can decode JWT using https://www.php.net/manual/en/function.base64-decode.php or https://www.php.net/manual/en/function.sodium-base642bin.php

JWT is just base64 url encoded parts separated by dots https://jwt.io/

Answer 3

More precisely, we have to split the JWT before applying the base64 decoding to its payload, as explained on https://github.com/firebase/php-jwt/issues/68#issuecomment-244768025.

Example:

            list($header, $payload, $signature) = explode('.', $encodedToken);
            $jsonToken = base64_decode($payload);
            $arrayToken = json_decode($jsonToken, true);
            print_r($arrayToken);