API: Why do we need to decode the JWT, can't you decode it for us?

(edited)

In the API, it looks like the user_id is required to do anything useful. To get this user_id, I need to (manually, externally) decode the JWT, and I'm in a sandboxed language that doesn't have the bits to do it easily.

Since I've only just made an API call to get the JWT Token, why not include the decoded user_id in that API? Then you'll completely remove the need to have the clients do custom work (client-side) to decode it.

For now, I'll put my Device on hold (for Hubitat Elevation) as I can't see an easy way around it, as I don't have the necessary libs (and can't load them into Hubitat).

EDIT: Ok, without the lib, looks like I can BASE64 decode the middle part (from doc) to extract the UID. Seems like an unnecessary step, since I'm effectively "trusting" the result in order to do this, so might as well provide the raw UID for those that don't have the necessary kit to decode & validate it correctly.
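
The decode step described in the EDIT above, as an added example that is not part of the original post or the vendor's documentation: it base64url-decodes the middle segment of a compact JWT and reads the user id without verifying the signature, which is only reasonable for a token the client has just received from the issuer over TLS. The claim name `user_id` and the sample token are assumptions constructed for the example.

```python
import base64
import json
import time


def b64url_decode(segment):
    """Decode base64url text whose '=' padding was stripped, as JWT segments are."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_claims(token):
    """Return the payload claims of a compact JWT WITHOUT checking its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def user_id_from_token(token, claim="user_id", now=None):
    """Read the user id claim (name assumed) and refuse tokens already expired."""
    claims = unverified_claims(token)
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= (time.time() if now is None else now):
        raise ValueError("token has expired; request a new one")
    if claim not in claims:
        raise KeyError(f"claim {claim!r} not present in token payload")
    return str(claims[claim])


def _segment(obj):
    """Helper used only to build the constructed sample token below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token; the signature segment is a dummy and is never checked.
SAMPLE_TOKEN = ".".join([
    _segment({"alg": "HS256", "typ": "JWT"}),
    _segment({"user_id": "u-12345", "exp": 4102444800}),  # exp = 2100-01-01 UTC
    "c2lnbmF0dXJlLW5vdC1jaGVja2Vk",
])

if __name__ == "__main__":
    print(user_id_from_token(SAMPLE_TOKEN))
```

This is a lookup, not verification: any service that accepts the token as proof of identity still has to check its signature.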