Try it yourself with our free Jwt Decoder tool — runs entirely in your browser, no signup needed.

How to Decode JWT tokens in Ruby

How to decode JWT tokens in Ruby

JSON Web Tokens (JWT) have become a widely adopted standard for authentication and authorization in web applications. When working with JWTs, it's often necessary to decode the token to extract the payload and verify its authenticity. In this article, we'll explore how to decode JWT tokens in Ruby, covering the basics, common edge cases, and performance tips.

Quick Example

Here's a minimal example to get you started:

require 'jwt'

def decode_jwt(token)
  begin
    decoded_token = JWT.decode(token, nil, false)
    decoded_token[0]
  rescue JWT::VerificationError
    nil
  end
end

token = "your_jwt_token_here"
decoded_payload = decode_jwt(token)
puts decoded_payload

This code uses the jwt gem to decode a JWT token. Make sure to install the gem by running gem install jwt in your terminal.

Step-by-Step Breakdown

Let's break down the code:

require 'jwt'

We start by requiring the jwt gem, which provides the necessary functionality for working with JWTs.

def decode_jwt(token)

We define a method decode_jwt that takes a JWT token as an argument.

begin
  decoded_token = JWT.decode(token, nil, false)
  decoded_token[0]

Inside the method, we use the JWT.decode method to decode the token. The second argument is the secret key, which is nil in this case since we're only decoding the token, not verifying it. The third argument is a boolean indicating whether to verify the token's signature, which we set to false. The decoded token is an array containing the payload and the header, so we return the first element (decoded_token[0]) which is the payload.

rescue JWT::VerificationError
  nil

We rescue the JWT::VerificationError exception, which is raised when the token is invalid or corrupted. In this case, we return nil.

Handling Edge Cases

Empty/null input

token = nil
decoded_payload = decode_jwt(token) # returns nil

In this case, the decode_jwt method will return nil since the input is empty.

Invalid input

token = "invalid_token"
decoded_payload = decode_jwt(token) # raises JWT::VerificationError

When the input is invalid, the decode_jwt method will raise a JWT::VerificationError.

Large input

token = "a_very_long_jwt_token_that_exceeds_the_maximum_size"
decoded_payload = decode_jwt(token) # raises JWT::VerificationError

If the input token is too large, the decode_jwt method will raise a JWT::VerificationError.

Unicode/special characters

token = "your_jwt_token_with_unicode_characters"
decoded_payload = decode_jwt(token) # works as expected

The jwt gem handles Unicode and special characters correctly, so you don't need to worry about encoding issues.

Common Mistakes

1. Not rescuing JWT::VerificationError

# wrong code
def decode_jwt(token)
  JWT.decode(token, nil, false)
end

# corrected code
def decode_jwt(token)
  begin
    JWT.decode(token, nil, false)
  rescue JWT::VerificationError
    nil
  end
end

Not rescuing the JWT::VerificationError exception can lead to unexpected behavior.

2. Not checking for nil input

# wrong code
def decode_jwt(token)
  JWT.decode(token, nil, false)
end

# corrected code
def decode_jwt(token)
  return nil if token.nil?
  JWT.decode(token, nil, false)
end

Not checking for nil input can lead to a NoMethodError.

3. Using the wrong secret key

# wrong code
def decode_jwt(token)
  JWT.decode(token, "wrong_secret_key", false)
end

# corrected code
def decode_jwt(token)
  JWT.decode(token, nil, false)
end

Using the wrong secret key can lead to incorrect decoding or verification.

Performance Tips

1. Use the jwt gem's built-in caching

require 'jwt/cache'

def decode_jwt(token)
  JWT::Cache.decode(token, nil, false)
end

The jwt gem provides a built-in caching mechanism that can improve performance.

2. Use a faster JSON parser

require 'oj'

def decode_jwt(token)
  Oj.load(JWT.decode(token, nil, false))
end

Using a faster JSON parser like oj can improve performance.

3. Avoid unnecessary decoding

def decode_jwt(token)
  return nil if token.nil? || token.empty?
  JWT.decode(token, nil, false)
end

Avoid decoding empty or nil tokens to reduce unnecessary computation.

FAQ

Q: What is the difference between JWT.decode and JWT.verify?

A: JWT.decode only decodes the token, while JWT.verify verifies the token's signature in addition to decoding it.

Q: How do I handle token expiration?

A: You can check the exp claim in the decoded payload to determine if the token has expired.

Q: Can I use the jwt gem with other programming languages?

A: No, the jwt gem is specific to Ruby.

Q: How do I generate a JWT token?

A: You can use the JWT.encode method to generate a JWT token.

Q: What is the maximum size of a JWT token?

A: The maximum size of a JWT token is not strictly defined, but it's generally recommended to keep tokens under 4KB.

Related Resources

Jwt Decoder

Use the interactive jwt decoder tool

More Jwt Decoder Examples

See all languages and use cases

All Code Examples

Browse examples for every language and use case

All Developer Tools

50+ free online developer tools

AI agent tools available. The CodeTidy MCP Server gives Claude, Cursor, and other AI agents access to 60+ developer tools. One command: npx @codetidy/mcp