Decoding the token doesn't work

I go to https://jwt.io/ to try to decode my token but it says that the token is not proper JSON (see image). Is it not possible to decode a Xano auth token?

[image.png]

Comments

  • Sean Montgomery Administrator

    The Xano Authentication token is a JWE token, which means it is the encrypted version of a JWT token. This is on purpose.

    You can definitely decode the token, but you need the secret key applied to your workspace.
  • Ivan Pomortsev Member
    edited November 2022

    So, if the access token is expired, we can't even debug it to understand what's wrong?

    Or is it possible to get access to the secret key applied to our workspaces?

  • Ray Deck Trusted Xano Expert ✭✭✭

    Hey @Ivan Pomortsev, the Xano built-in auth comes with limitations, but you can roll your own access token regime if you want to get around them and be able to inspect tokens yourself. The security functions in Xano make that relatively painless, and you can just drop the function that validates the token at the top of each of your would-be authenticated endpoints. It's a bit more work, but not a ton. (I did something like this for an iteration of Ethereum wallet-based authentication.)
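To illustrate the JWE point made in the thread, the following added example (not part of any post above and not Xano code) tells a signed JWT (JWS, three dot-separated segments) from an encrypted one (JWE, five segments) and decodes only what is readable without a key. The function names and both sample tokens are constructed for illustration and are not real Xano values.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, the encoding used for every token segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    """Encode to unpadded base64url (used only to build the samples below)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def classify_token(token: str) -> dict:
    """Report the token type and whatever is readable without any key."""
    parts = token.strip().split(".")
    kinds = {3: "JWS", 5: "JWE"}  # compact JWS: 3 segments, compact JWE: 5
    if len(parts) not in kinds:
        return {"kind": "unknown", "segments": len(parts)}
    try:
        # The protected header is plain base64url JSON in both formats.
        header = json.loads(b64url_decode(parts[0]))
        # Only a signed token carries its claims as readable base64url JSON;
        # in a JWE the claims are inside the ciphertext segment.
        claims = json.loads(b64url_decode(parts[1])) if len(parts) == 3 else None
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return {"kind": "unknown", "segments": len(parts)}
    return {"kind": kinds[len(parts)], "segments": len(parts),
            "header": header, "claims": claims}


# Constructed samples: header.payload.signature
SAMPLE_JWS = ".".join([
    b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({"sub": "123"}).encode()),
    b64url_encode(b"not-a-real-signature"),
])
# header.encrypted_key.iv.ciphertext.tag (the key segment is empty for "dir")
SAMPLE_JWE = ".".join([
    b64url_encode(json.dumps({"alg": "dir", "enc": "A256GCM"}).encode()),
    "",
    b64url_encode(b"\x00" * 12),
    b64url_encode(b"\x8f" * 24),
    b64url_encode(b"\x11" * 16),
])

if __name__ == "__main__":
    for name, tok in (("JWS", SAMPLE_JWS), ("JWE", SAMPLE_JWE)):
        print(name, classify_token(tok))
```

For a JWE, the header still shows which key-management and content-encryption algorithms were used, which is the most that can be inspected without the decryption key.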