Skip to main content

Version: 8.2.X

Reading the JWT Payload

The `getJWTPayloadSecurely` function#

Via NPM
Via Script Tag

import SuperTokens from 'supertokens-website';

let payload = await SuperTokens.getJWTPayloadSecurely();

let payload = await supertokens.getJWTPayloadSecurely();

Returns a Promise<JSON object> or throws an error in case reading failed.

Security

This does not read from the access token, since that is in httpOnly cookie. Instead, it reads from another token that contains a copy of the payload in the access token.
This is not a security issue since the access token payload by itself is not enough to grant access to an API.

The getJWTPayloadSecurely function