Commands
JWT
Commands
JWT
Documentation for the /jwt command to manipulate JSON Web Tokens
/jwt Command
The /jwt command provides tools to manipulate JSON Web Tokens (JWT).
Available Subcommands
/jwt decode
Decodes a JWT to view its content.
Usage
Options
| Option | Description | Required | Platform |
|---|---|---|---|
| token | The JWT to decode | Yes | Discord (parameter), Slack (directly after action) |
Example
Result example:
/jwt verify
Verifies a JWT signature.
Usage
Options
| Option | Description | Required | Platform |
|---|---|---|---|
| token | The JWT to verify | Yes | Discord (parameter), Slack (directly after action) |
| secret | The secret key to verify the signature | Yes | Discord (parameter), Slack (directly after action) |
Example
Successful verification result example:
JWT Structure
A JSON Web Token consists of three parts separated by dots (.):
- Header - Contains the token type and signing algorithm
- Payload - Contains the claims
- Signature - Verifies the integrity of the token
Platform-Specific Implementation
Discord Implementation
- Commands use Discord’s named parameter system (e.g.,
token:,secret:) - Responses appear in the channel where the command is invoked
Slack Implementation
- Commands use a simpler format without named parameters
- Input is provided directly after the action (e.g.,
/jwt decode <token>) - Responses are shown with formatted blocks showing header and payload as JSON
- Verification errors display specific information about the failure reason
- JWT command supports quoted arguments for tokens containing spaces
Use Cases
- Decode JWTs to inspect their content
- Verify the authenticity of a received JWT
- Understand the structure of authentication tokens
- Debug authentication issues in applications
Notes
- The command cannot create new JWTs, only decode and verify them
- JWTs may contain sensitive information, use them with caution
- The decode command does not verify the signature, use verify for that
- Very long tokens may be truncated in the preview display