JWTDetails PowerShell Module for Decoding JWT Access Tokens with readable Token Expiry Time

Updated: 15 June 2020 – JWTDetails updated to v1.0.2

Fixes issue related to time zones with 30min offsets
Code Signed

I’ve just published my first PowerShell Module to the PowerShell Gallery. The JWTDetails PowerShell Module contains the Get-JWTDetails cmdlet that decodes a JWT Access Token and converts it to a PowerShell Object. But wait, there’s more. The reason I created this module is because I always need to know what is the Expiry Time for a JWT Access Token. The returned PowerShell Object from my Get-JWTDetails cmdlet in the JWTDetails Module also includes the expiry date-time in PowerShell DateTime format as ‘expiryDateTime‘. It also includes the ‘timeToExpiry‘ for the Access Token, also in PowerShell DateTime format.

This means you can keep calling the Get-JWTDetails cmdlet with an access token and inspect the ‘expiryDateTime‘ or ‘timeToExpiry‘ fields to determine whether its time for you to go and get a new JWT Access Token.

Installing the JWTDetails PowerShell Module

I’ve published the module to the PowerShell Gallery. Therefore with PowerShell 5.1 and later you can install direct from the PowerShell Gallery (in an Administrative PowerShell Session) using Install-Module.

Install-Module -name JWTDetails

The JWTDetails module contains a single cmdlet ‘Get-JWTDetails‘.

Using Get-JWTDetails

Using Get-JWTDetails is super simple. Import the module and then pass it a JWT Access Token. I’ve been using it with Microsoft Azure and SailPoint IdentityNow JWT Tokens.

Passing the cmdlet a valid SailPoint IdentityNow Access Token as a discrete string, you will be returned the details of the Access Token including the expiry in easy to read format.

Providing the cmdlet with a valid Azure Access Token passed in as a variable you will be returned the details of the Access Token including the expiry in easy to read format.

Access Token Expiry Details

Let’s put the decoded token into a variable so that we can then easily look at the expiryDateTime and timeToExpiry values. We could then in our scripts define logic about when to refresh our Access Token.

The Module Code

Interested in the PowerShell Module Code, or want to enhance it? Sure thing. I’ve uploaded the module to a Public Repository on Github here.

Summary

By publishing this module to the PowerShell Gallery I have a much quicker method of installing the module on each new workstation/environment that I’m in. Hopefully it helps someone else too.

Decoding JWT Access Tokens using PowerShell.

To decode JWT Access Tokens using PowerShell:

Install the JWTDetails PowerShell Module;
– Install-Module -name JWTDetails
Use the Get-JWTDetails cmdlet to decode the access token;
– [JWT Access Token] | Get-JWTDetails

Applies To : PowerShell

Darren Robinson

Bespoke learnings from a Microsoft Identity and Access Management Architect using lots of Microsoft Identity Manager, Azure Active Directory, PowerShell, SailPoint IdentityNow and Lithnet products and services.