decode static method
Decode a token without checking its signature
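This also sets JWT.audience, JWT.subject, JWT.issuer, and JWT.jwtId even though they are not verified. Use with caution: because the signature is never checked, anyone can craft a token carrying arbitrary values for these fields, so do not base authentication or authorization decisions on a decoded token.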
Implementation
/// Parses [token] into a [JWT] without checking its signature.
///
/// The token must contain at least two dot-separated segments with a
/// non-empty header and payload; otherwise a [JWTInvalidException] is thrown.
/// Any further segment (the signature) is never read here.
///
/// The payload is first decoded as base64url-encoded JSON. If that fails for
/// any reason, it is decoded as a base64url-encoded UTF-8 string instead.
/// The `aud`, `iss`, `sub` and `jti` claims are copied onto the result only
/// when the payload is a [Map]. The header is kept only when it is a
/// `Map<String, dynamic>`.
///
/// Security: everything on the returned object is unauthenticated input.
/// This method does not inspect the header's algorithm and does not read any
/// time-based claim, so the result is suitable for display or routing, not
/// for access decisions. Use [JWT.verify] before trusting any claim.
///
/// Throws a [JWTUndefinedException] wrapping any [Exception] that is not
/// already a [JWTException]; all other thrown objects are rethrown as-is.
static JWT decode(String token) {
  try {
    final segments = token.split('.');

    // Header and payload must both be present and non-empty.
    final hasHeaderAndPayload = segments.length >= 2 &&
        segments[0].isNotEmpty &&
        segments[1].isNotEmpty;
    if (!hasHeaderAndPayload) {
      throw JWTInvalidException('invalid token structure');
    }

    final decodedHeader = jsonBase64.decode(base64Padded(segments[0]));

    // JSON payload is the normal case; a payload that is not valid JSON is
    // kept as a plain UTF-8 string instead of being rejected.
    dynamic claims;
    try {
      claims = jsonBase64.decode(base64Padded(segments[1]));
    } catch (_) {
      claims = utf8.decode(base64Url.decode(base64Padded(segments[1])));
    }

    // Registered claims stay null unless the payload is a map.
    // None of these values are authenticated at this point.
    Audience? audience;
    String? issuer;
    String? subject;
    String? jwtId;
    if (claims is Map) {
      audience = _parseAud(claims['aud']);
      issuer = claims['iss']?.toString();
      subject = claims['sub']?.toString();
      jwtId = claims['jti']?.toString();
    }

    return JWT(
      claims,
      header: decodedHeader is Map<String, dynamic> ? decodedHeader : null,
      audience: audience,
      issuer: issuer,
      subject: subject,
      jwtId: jwtId,
    );
  } catch (ex, stackTrace) {
    // Library exceptions and non-Exception throwables pass through untouched;
    // every other Exception is wrapped so callers see one exception family.
    if (ex is! Exception || ex is JWTException) {
      rethrow;
    }
    throw JWTUndefinedException(ex, stackTrace);
  }
}