( accessToken: string, )
| 83 | * server is the only thing that verifies the token's signature. |
| 84 | */ |
| 85 | export const decodeAccessTokenClaims = ( |
| 86 | accessToken: string, |
| 87 | ): Record<string, unknown> | undefined => { |
| 88 | const segments = accessToken.split("."); |
| 89 | if (segments.length !== 3) return undefined; |
| 90 | const payloadSegment = segments[1]; |
| 91 | if (!payloadSegment) return undefined; |
| 92 | try { |
| 93 | const json = Buffer.from(payloadSegment, "base64url").toString("utf8"); |
| 94 | const claims = JSON.parse(json) as unknown; |
| 95 | return claims && typeof claims === "object" ? (claims as Record<string, unknown>) : undefined; |
| 96 | } catch { |
| 97 | return undefined; |
| 98 | } |
| 99 | }; |
| 100 | |
| 101 | /** Read `exp` (epoch seconds) out of a JWT access token without verifying it. */ |
| 102 | export const accessTokenExpiry = (accessToken: string): number | undefined => |
no test coverage detected