decode function

List<Map<String, dynamic>> decode(String token)

Decodes token without verifying the signature or validating claims.

Returns [header, payload] as a two-element list. Throws JwtException when the token is structurally malformed.

final [header, payload] = decode(token);
print(header['alg']);   // 'HS256'
print(payload['sub']);  // 'user123'

Implementation

List<Map<String, dynamic>> decode(String token) {
  final parts = token.split('.');
  if (parts.length != 3) throw const JwtException('Malformed token');

  try {
    final header = Map<String, dynamic>.from(
      jsonDecode(utf8.decode(_b64urlDecode(parts[0]))) as Map,
    );
    final payload = Map<String, dynamic>.from(
      jsonDecode(utf8.decode(_b64urlDecode(parts[1]))) as Map,
    );
    return [header, payload];
  } catch (_) {
    throw const JwtException('Malformed token');
  }
}