crowdsec/test/bin/decode-jwt

#!/usr/bin/env python3

import base64
import json
import sys


def decode_base64url(data):
    # Not the same as "bin/base64 -d":
    # + -> -
    # / -> _
    # = -> ''
    pad = len(data) % 4
    if pad > 0:
        data += '=' * (4 - pad)
    return base64.urlsafe_b64decode(data)


def decode_jwt(token):
    token = token.rstrip('\n')
    header, payload, signature = token.split('.')
    decoded_header = json.loads(decode_base64url(header))
    decoded_payload = json.loads(decode_base64url(payload))
    # the signature is binary, so we don't decode it

    return decoded_header, decoded_payload, signature


def main():
    header, payload, signature = decode_jwt(sys.stdin.read())
    out = {
        'header': header,
        'payload': payload,
        'signature': signature,
    }
    print(json.dumps(out, indent=4))


if __name__ == '__main__':
    main()