How to unpack the access token?

I need to be able to unpack the payload of the access token in order to look at the claims stored in it.

With auth0.js, it already provides idTokenPayload but there doesn’t seem to be an equivalent for the access token.

Is there code within auth0.js that I can call to unpack the access token or do I need to find an additional library to do it?


Hi @philip.colmer

Are you working with a SPA? Unless it is a SPA, the access token should not be available in the browser.

As long as you provide an audience in the authorize request, the access token is just a JWT and can be decoded as such. There are many libraries to help with this, but I don’t think auth0.js will do it for you due to the above.


1 Like

Yes, I’m using Gatsby to build a React-based web site. The access token will be used with an API endpoint that is registered with Auth0 and the API code will be using the claims in the access token to determine what the caller can do.

I need access to the same information for the web site in order to control what gets displayed. I know that I can duplicate the information into the ID token by updating the rule but I was trying to avoid duplication as that could lead to the information in the two tokens getting out of sync.