Function: jwtDecrypt()
August 29, 2025 ยท View on GitHub
๐ Help the project
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
Call Signature
โธ jwtDecrypt<PayloadType>(jwt, key, options?): Promise<JWTDecryptResult<PayloadType>>
Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT Claims Set.
This function is exported (as a named export) from the main 'jose' module entry point as well
as from its subpath export 'jose/jwt/decrypt'.
Type Parameters
| Type Parameter | Default type |
|---|---|
PayloadType | JWTPayload |
Parameters
| Parameter | Type | Description |
|---|---|---|
jwt | string | Uint8Array | JSON Web Token value (encoded as JWE). |
key | Uint8Array | CryptoKey | JWK | KeyObject | Private Key or Secret to decrypt and verify the JWT with. See Algorithm Key Requirements. |
options? | JWTDecryptOptions | JWT Decryption and JWT Claims Set validation options. |
Returns
Promise<JWTDecryptResult<PayloadType>>
Example
const secret = jose.base64url.decode('zH4NRP1HMALxxCFnRZABFA7GOJtzU_gIj02alfL1lvI')
const jwt =
'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..MB66qstZBPxAXKdsjet_lA.WHbtJTl4taHp7otOHLq3hBvv0yNPsPEKHYInmCPdDDeyV1kU-f-tGEiU4FxlSqkqAT2hVs8_wMNiQFAzPU1PUgIqWCPsBrPP3TtxYsrtwagpn4SvCsUsx0Mhw9ZhliAO8CLmCBQkqr_T9AcYsz5uZw.7nX9m7BGUu_u1p1qFHzyIg'
const { payload, protectedHeader } = await jose.jwtDecrypt(jwt, secret, {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
})
console.log(protectedHeader)
console.log(payload)
Call Signature
โธ jwtDecrypt<PayloadType>(jwt, getKey, options?): Promise<JWTDecryptResult<PayloadType> & ResolvedKey>
Type Parameters
| Type Parameter | Default type |
|---|---|
PayloadType | JWTPayload |
Parameters
| Parameter | Type | Description |
|---|---|---|
jwt | string | Uint8Array | JSON Web Token value (encoded as JWE). |
getKey | JWTDecryptGetKey | Function resolving Private Key or Secret to decrypt and verify the JWT with. See Algorithm Key Requirements. |
options? | JWTDecryptOptions | JWT Decryption and JWT Claims Set validation options. |
Returns
Promise<JWTDecryptResult<PayloadType> & ResolvedKey>