This is the Java Command Line Tool can be used for JWT decryption and Signature Verification. Pre-requisites: ---------------- * JRE v1.8.x * Encryption Keys in JWKS format (Sample file provided : jwksEncryptionKeys.txt) * Signing Public Certificate in JWS format (Sample file provided: jwksSigningKey.txt). For Access Manager JWT Signing Public Certificate can be obtained from JSON Web Key Set Endpoint URL : https://:/nidp/oauth/nam/keys The JWTUtilityTool is an Java Eclipse project which can be imported in to Eclipse. The JWTUtilityTool can be run either of the following option Option1: Import JWTUtilityTool in Eclipse and execute TokenDecoder.java Option2: On Linux environment, execute tokenDecoder.sh The JWTUtilityTool Output: --------------------------- Enter jwt token:eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIi..... option a: plain option b:verify signature option c:decryptjwt option d:DecryptAndVerifySignature option e:Exit Choose option: d Enter the encryption key's JWKS file path:jwksEncryptionKeys.txt Enter OAuth Provider(IDP)'s Signing Key JWKS file path:jwksSigningKey.txt Kid in JWT : nam-1 Using Kid to decrypt: nam-1 Aug 15, 2017 12:15:28 AM org.jose4j.jwa.AlgorithmFactoryFactory initialize INFO: Initializing jose4j : : INFO: Initialized jose4j in 1029ms decrypted jwt is :eyJraWQiOiJuYW0tMSIsInR5cCI6IkpXUyIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJodHRwczovL3NiNDMuYmxyLm5vdmVsbC5jb20vbmlkcC9vYXV0aC9uYW0iLCJqdGkiOiI3N2RlODExOC1mOWM2LTRhMGEtODkxZi1kZWNjNzY1ZmExZDYiLCJhdWQiOiJhOGRmNmJmNC1mOTFmLTQzNjktYjE1ZS05NWJjMmJlNmJiOWEiLCJleHAiOjE1MDI3MzgyNTAsImlhdCI6MTUwMjczNDY1MCwibmJmIjoxNTAyNzM0NjIwLCJzdWIiOiJiN2QzNGI0M2ViYjQ3YTQ0MjM5OGI3ZDM0YjQzZWJiNCIsIl9wdnQiOiIxMnV4WUovd2tIOGtTQlBxeXUrblg1ejdMUVRBN2o0SjZSMjl4V0pYRGN5d1p0TlNZcW8zZUw5V3lVdUc3UXNZU2RBV29lNkpQTzBwUmFhUm5rSUh2eUgzSTM1RUhaSUladE01UCtjaDQvTC9KcVMxTW1YV2lZVjZCWDFVaHF4SStubHdvY0NJNFZpYW40SU1ZenRlRGNSbWw5SnRrU2UxSVpuYWxHYjcyM3JtZndMclZES0xHRzBFK3d6SU0wRHp6U0xUK1E1WlpHUUw3bG5BVUlEYlNBL0lPcUNYVWFZL0w0dUpZY2NNeFBmT2Z5R3JuRGpVa0JVVS9scHJEMGZuSW5UTklEZWFOVnc3NWptaHdJcHhNV2k3WE9VaU95T1B0SG5iZmtUS2J2QXBValBEYzV0ZEpzdzk4N1krMkE5U1NFelhaWWlqUnd1RWFQMVUzVEdYdnhyRGNlcUFGZlQ5WmJrUmxXWldza0ZwS2tMdTNKT1FDOGxHMkFYN1B1eEN0bmEwdTVxMUtOaFBhSGxHREdrQWd3US9qWnptZGNidFJGdDZNbnc3c0NHZWxDcWQra3doZzhlYXZlWU4xQ0FQYitTWVVnRHRaZFh4VnZxVFhGQ0pOcktXVnlPRGRPQXhVaEp1K1JQZFd1eWJJZUZZSWJCMWxKMnlRK0d5UVZIc3EyZmdOSS9qQkdXZVBZbjF5ZmtiUlphcUwrVXVGYm92VzVwZXNZK1djT2VVRGdGMHBoaVZGV1VVb0Y0UnhnanpzQ1NQbnlnQTFhb3VjQWg4YXdzZXBnPT0uMSIsInNjb3BlIjpbInVybjpuZXRpcS5jb206bmFtOnNjb3BlOm9hdXRoOnJlZ2lzdHJhdGlvbjpmdWxsIiwiZW1haWwiXX0.KBupCavTFZnB5glezqiY17ntevyVfkCJJRJpxyvU5g8So4C5jfojtv_AQhqHP-ZRf5qxWdmU1TH4znHRbsRztnlDSnY-TwGOa-6Ekj7sUHIkoOVqBKDjg6GtkUEQQJ--Oyi_y4SnQRiVCfQ4pwsMFXqSUe2v18fT5gr4uECUHhpcmWPUf_mZwP3qTvq0V3ychEgokjb8PxNDn0UmgLNH7ZSpWSDk7v8tn9tgvYXFuvHI4YpFEMjVpnddoOj1EQrrOk6KlbOiW0cESKEElX-yQ8whiq-e5_aAaFyPJSz8_GA-2Cy7DIOdXSCivDUCut3XDw-q94kfKyGwyfRXRREguw Signature verified successfully Decrypted Token: {"iss":"https://sb43.blr.novell.com/nidp/oauth/nam","jti":"77de8118-f9c6-4a0a-891f-decc765fa1d6","aud":"a8df6bf4-f91f-4369-b15e-95bc2be6bb9a","exp":1502738250,"iat":1502734650,"nbf":1502734620,"sub":"b7d34b43ebb47a442398b7d34b43ebb4","_pvt":"12uxYJ/wkH8kSBPqyu+nX5z7LQTA7j4J6R29xWJXDcywZtNSYqo3eL9WyUuG7QsYSdAWoe6JPO0pRaaRnkIHvyH3I35EHZIIZtM5P+ch4/L/JqS1MmXWiYV6BX1UhqxI+nlwocCI4Vian4IMYzteDcRml9JtkSe1IZnalGb723rmfwLrVDKLGG0E+wzIM0DzzSLT+Q5ZZGQL7lnAUIDbSA/IOqCXUaY/L4uJYccMxPfOfyGrnDjUkBUU/lprD0fnInTNIDeaNVw75jmhwIpxMWi7XOUiOyOPtHnbfkTKbvApUjPDc5tdJsw987Y+2A9SSEzXZYijRwuEaP1U3TGXvxrDceqAFfT9ZbkRlWZWskFpKkLu3JOQC8lG2AX7PuxCtna0u5q1KNhPaHlGDGkAgwQ/jZzmdcbtRFt6Mnw7sCGelCqd+kwhg8eaveYN1CAPb+SYUgDtZdXxVvqTXFCJNrKWVyODdOAxUhJu+RPdWuybIeFYIbB1lJ2yQ+GyQVHsq2fgNI/jBGWePYn1yfkbRZaqL+UuFbovW5pesY+WcOeUDgF0phiVFWUUoF4RxgjzsCSPnygA1aoucAh8awsepg==.1","scope":["urn:netiq.com:nam:scope:oauth:registration:full","email"]} NOTE: The claim “_pvt” is used by Access Manager’s private claim which can be decrypted only by Access Manager.