Decoding JWT and testing results in Postman



  • We are implementing a new service which requires Authorisation by way of a JWT.

    I already have the submission and returned body containing the "access_token"

    My question is how do I set up a call to decode the JWT (I have the following from a Google search:)

    function jwt_decode(JWT) {
        var parts = JWT.split('.'); // header, payload, signature
        return JSON.parse(atob(parts[1]));
    }

    Once I have it decoded I then need to test that the relevant information is contained within.

    I think I will need an environment/user file to store some variables but I'm not sure what I would need to store.

    I currently have a "POST" to generate the "access_token", but not sure what to do next. Do I need a "GET" to decode the JWT? What Authorisation do I need?

    EDIT

    So I've got my "access token" into an environment variable. What I want to do now is decode the Access token and split it out so that I can confirm (Create Tests) the individual results in the PayloadEncoded and decoded JWT. I need the contents of the Payload section (circled in Red)

    Any comments or suggestions would be appreciated. Can I do that within the same Post Call in Postman, or does it need a separate "POST" or "GET"? I'm a QA with little JavaScript (if that's what Postman uses for testing) experience so please be clear in any replies. Thanks



  • I am not sure what you want to do. If you are able to extract the access_token then I believe that you know how to use the test script session in Postman.

    Assuming you have the access_token stored in environmental variable swt:

    You can use the below code in the same POST request after you have stored the JWT to the variable: (Keep this code in the "Tests" tab and not pre-requisite scripts)

    // Decode the payload (second segment) of a JWT.
    // This only decodes; it does not verify the signature.
    function jwt_decode(a) {
        var parts = a.split('.'); // header, payload, signature
        // JWT segments are base64url-encoded; map '-' and '_' back for atob
        var payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
        return JSON.parse(atob(payload));
    }

    pm.test("validate data", function () {
        // Get the token
        var a = pm.environment.get("swt");

        // Call your function to decode it
        let decodedData = jwt_decode(a);

        // Print the decodedData to console to see the structure
        console.log(decodedData);

        // Print the required field to console to see the value
        console.log(decodedData.iss);

        // Validate it using pm.expect
        pm.expect(decodedData.iss).to.deep.equal("toptal.com");
    });


    You can open the console by going to View > Show Postman Console. Clear everything and click Send again.


    If you want to use the swt variable in other requests you can do it as below:


    1. Go to the "Authorization" tab
    2. Select the authorization type you want, usually it's bearer token for JWT
    3. In the input field give {{swt}} (you can refer to a variable anywhere in Postman using the double curly bracket)

    If you want to pass it as a header, then go to the header field and provide the value as {{swt}} with the correct 'Field' name.
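
An added example, not part of the answer above: a decoder that handles base64url and UTF-8, rejects malformed tokens, and checks the `iss` and `exp` claims. The function names and the sample token are constructed for illustration; it runs in plain Node, and in a Postman Tests tab the token would come from `pm.environment.get("swt")` instead. Decoding only reads the claims and does not verify the signature.

```javascript
// Decode one base64url JWT segment into an object.
function b64urlToJson(segment) {
    // Map the URL-safe alphabet back to standard base64 and restore padding
    let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    b64 += '='.repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
    return JSON.parse(new TextDecoder().decode(bytes)); // UTF-8 safe
}

// Split a compact JWT and decode header and payload (signature is NOT verified).
function decodeJwt(token) {
    const parts = String(token).split('.');
    if (parts.length !== 3 || !parts[0] || !parts[1]) {
        throw new Error('not a compact JWT (expected header.payload.signature)');
    }
    return { header: b64urlToJson(parts[0]), payload: b64urlToJson(parts[1]) };
}

// Returns a list of problems; an empty list means the claims are as expected.
function checkClaims(payload, expectedIssuer, nowSeconds) {
    const problems = [];
    if (payload.iss !== expectedIssuer) problems.push('iss mismatch');
    if (typeof payload.exp !== 'number') problems.push('exp missing');
    else if (payload.exp <= nowSeconds) problems.push('token expired');
    return problems;
}

// Builds a constructed sample token (not from the page); the signature is a dummy.
function makeSampleToken(payload) {
    const enc = obj =>
        btoa(String.fromCharCode(...new TextEncoder().encode(JSON.stringify(obj))))
            .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.c2lnbmF0dXJl`;
}

// Non-ASCII characters in "sub" exercise the UTF-8 decoding path.
const sample = makeSampleToken({ iss: 'toptal.com', sub: 'qa-üser', exp: 2000000000 });
const decoded = decodeJwt(sample);
console.log(decoded.header, decoded.payload);
console.log(checkClaims(decoded.payload, 'toptal.com', 1700000000));
```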


