---
title: JWT_DECODE
url: https://www.tines.com/docs/formulas/functions/jwt-decode/
kind: formula-function
---

*[tines.com](https://www.tines.com/llms.txt) › [Docs](https://www.tines.com/docs/llms.txt) › [Formulas](https://www.tines.com/llm/docs/formulas.md) › [Functions](https://www.tines.com/llm/docs/formulas/functions.md)*

# JWT_DECODE

*[View on tines.com](https://www.tines.com/docs/formulas/functions/jwt-decode/)*

Decodes and optionally verifies a JWT token using the provided secret/key and algorithm. Returns an object containing the payload, header, and verification status.

Supports HMAC (HS256/HS384/HS512), RSA (RS256/RS384/RS512), and ECDSA (ES256/ES384/ES512) algorithms. Can validate standard JWT claims like exp, nbf, iss, aud, jti, sub, and custom required claims. Supports JWK (JSON Web Key) and JWKS (JSON Web Key Set) formats. 

 The options should be provided in the same manner as the options for the [JWT.decode](https://github.com/jwt/ruby-jwt?tab=readme-ov-file#algorithms-and-usage) function (e.g., `verify`, `jwks`, `verify_expiration`, `verify_not_before`, `leeway`, `iss`/`verify_iss`, `aud`/`verify_aud`, `sub`/`verify_sub`, `jti`/`verify_jti`, `required_claims`). For example, to verify the iss claim: `iss: "my-app", verify_iss: TRUE`

**Categories:** Hashing/Signing

## Syntax

```
JWT_DECODE(token, secret_or_key, algorithm, **options)
```

## Examples

### Example 1

Input:

```json
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxMjN9.FoW4dUPr9HWzOI8S7Ohpe3hGULZEJhNJeouOX8f1sz8"
}
```

Formula:

```
JWT_DECODE(token, "secret", "HS256")
```

Output:

```json
{
  "payload": {
    "user_id": 123
  },
  "header": {
    "alg": "HS256"
  },
  "verified": true
}
```

### Example 2

Input:

```json
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxMjN9.invalid_signature"
}
```

Formula:

```
JWT_DECODE(token, "secret", "HS256", verify: FALSE)
```

Output:

```json
{
  "payload": {
    "user_id": 123
  },
  "header": {
    "typ": "JWT",
    "alg": "HS256"
  },
  "verified": false
}
```

### Example 3

Input:

```json
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJteWFwcCIsInVzZXJfaWQiOjEyM30.signature",
  "rsa_public_key": "-----BEGIN PUBLIC KEY-----\\n...\\n-----END PUBLIC KEY-----"
}
```

Formula:

```
JWT_DECODE(token, rsa_public_key, "RS256", iss: "myapp", verify_iss: TRUE)
```

Output:

```json
{
  "payload": {
    "iss": "myapp",
    "user_id": 123
  },
  "header": {
    "typ": "JWT",
    "alg": "RS256"
  },
  "verified": true
}
```

### Example 4

Input:

```json
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyX2lkIjoxMjN9.signature",
  "jwk_key": {
    "kty": "RSA",
    "n": "base64url_encoded_modulus",
    "e": "AQAB"
  }
}
```

Formula:

```
JWT_DECODE(token, jwk_key, "RS256")
```

Output:

```json
{
  "payload": {
    "user_id": 123
  },
  "header": {
    "typ": "JWT",
    "alg": "RS256"
  },
  "verified": true
}
```

### Example 5

Input:

```json
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIn0.eyJ1c2VyX2lkIjoxMjN9.signature",
  "jwks_set": {
    "keys": [
      {
        "kty": "RSA",
        "kid": "key-1",
        "use": "sig",
        "alg": "RS256",
        "n": "base64url_encoded_modulus",
        "e": "AQAB"
      }
    ]
  }
}
```

Formula:

```
JWT_DECODE(token, NULL, "RS256", jwks: jwks_set)
```

Output:

```json
{
  "payload": {
    "user_id": 123
  },
  "header": {
    "typ": "JWT",
    "alg": "RS256",
    "kid": "key-1"
  },
  "verified": true
}
```
