Version: Next

Reading the JWT Payload

The getJWTPayloadSecurely function

import SuperTokens from 'supertokens-website';
let payload = await SuperTokens.getJWTPayloadSecurely();

Returns a Promise<JSON object> or throws an error in case reading failed.

Security
  • This does not read from the access token, since that is stored in an httpOnly cookie, which JavaScript cannot read. Instead, it reads from another token that contains a copy of the payload in the access token.
  • This is not a security issue since the access token payload by itself is not enough to grant access to an API.
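
Why a readable payload grants nothing by itself, as an added Node.js example (not SuperTokens code). It assumes a generic HS256-signed JWT; the key, claims and helper names are constructed for illustration and do not describe SuperTokens' token format.

```javascript
const crypto = require('node:crypto');

// Constructed demo key; in a real deployment it never leaves the server.
const SERVER_KEY = 'demo-signing-key-constructed-for-this-example';

const b64url = (input) => Buffer.from(input).toString('base64url');

// HS256 signature over "header.payload" (assumed scheme for this illustration).
function sign(signingInput, key) {
  return crypto.createHmac('sha256', key).update(signingInput).digest('base64url');
}

function issueToken(claims, key) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${sign(signingInput, key)}`;
}

// What any client can do: decode the payload. No key needed, no trust gained.
function readPayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// What the API does: recompute the signature with its own key and fixed
// algorithm, compare in constant time, and only then use the claims.
function verifyToken(token, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(sign(`${parts[0]}.${parts[1]}`, key));
  const given = Buffer.from(parts[2]);
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) return null;
  return readPayload(token);
}

// Test input: a payload copy edited client-side, re-attached to the old signature.
function withEditedPayload(token, changes) {
  const [header, , signature] = token.split('.');
  const edited = { ...readPayload(token), ...changes };
  return `${header}.${b64url(JSON.stringify(edited))}.${signature}`;
}

const token = issueToken({ sub: 'user-123', role: 'user' }, SERVER_KEY);
const edited = withEditedPayload(token, { role: 'admin' });
console.log('payload as read by client:', readPayload(edited));
console.log('edited token accepted by API:', verifyToken(edited, SERVER_KEY) !== null);
console.log('original token accepted by API:', verifyToken(token, SERVER_KEY) !== null);
```

Treat the value returned by getJWTPayloadSecurely the same way: use it for display and client-side logic, and make authorization decisions only on the server after the access token has been verified.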