/jwt Command

The /jwt command provides tools to manipulate JSON Web Tokens (JWT).

Available Subcommands

/jwt decode

Decodes a JWT to view its content.

Usage

/jwt decode token: <jwt>

Options

OptionDescriptionRequiredPlatform
tokenThe JWT to decodeYesDiscord (parameter), Slack (directly after action)

Example

/jwt decode token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Result example:

Header:
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

/jwt verify

Verifies a JWT signature.

Usage

/jwt verify token: <jwt> secret: <secret key>

Options

OptionDescriptionRequiredPlatform
tokenThe JWT to verifyYesDiscord (parameter), Slack (directly after action)
secretThe secret key to verify the signatureYesDiscord (parameter), Slack (directly after action)

Example

/jwt verify token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c secret: your-256-bit-secret

Successful verification result example:

Header:
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

JWT Structure

A JSON Web Token consists of three parts separated by dots (.):

  1. Header - Contains the token type and signing algorithm
  2. Payload - Contains the claims
  3. Signature - Verifies the integrity of the token

Platform-Specific Implementation

Discord Implementation

  • Commands use Discord’s named parameter system (e.g., token:, secret:)
  • Responses appear in the channel where the command is invoked

Slack Implementation

  • Commands use a simpler format without named parameters
  • Input is provided directly after the action (e.g., /jwt decode <token>)
  • Responses are shown with formatted blocks showing header and payload as JSON
  • Verification errors display specific information about the failure reason
  • JWT command supports quoted arguments for tokens containing spaces

Use Cases

  • Decode JWTs to inspect their content
  • Verify the authenticity of a received JWT
  • Understand the structure of authentication tokens
  • Debug authentication issues in applications

Notes

  • The command cannot create new JWTs, only decode and verify them
  • JWTs may contain sensitive information, use them with caution
  • The decode command does not verify the signature, use verify for that
  • Very long tokens may be truncated in the preview display