Cannot Decode Access Token or "Corrupted JWT"

Problem statement

We often try to decode an opaque JWE token on our Client Application but we get some errors.

A JWE token looks like this:
This is an example copied from RFC 7516 - JSON Web Encryption (JWE), but edited a bit. Unlike JWT, it has 4 dots (.) in it, and the 2nd part of the token between the 2nd and the 3rd dots is empty.

eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ..
48V1_ALb6US04U3b.
5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji
SdiwkIr3ajwQzaBtQD_A.
XFBoMYUZodetZdvTiFvSkQ

Cause

When you get an Access Token without specifying an audience, it becomes an opaque JWE token that only makes sense to our internal (Authentication) API.

Solution

You should not decode an Access Token and rely on its payload on a Client Application. Instead a resource server (API) should do that. If you are confused by the concept of Access Token/Oauth, please check this articles of ours: