DebugPointer
Regex
regex
January 6, 20234 min read

Regex for JWT Token

A JSON Web Token (JWT) is a JSON-based open standard (RFC 7519) for creating access tokens that assert some number of claims. JWTs are used to securely transmit information between parties. The information can be verified and trusted because it is digitally signed. JWTs are often used to authenticate users. In this article let's understand how we can create a regex for JWT Tokens and how regex can be matched for JWT Tokens.

Regex (short for regular expression) is a powerful tool used for searching and manipulating text. It is composed of a sequence of characters that define a search pattern. Regex can be used to find patterns in large amounts of text, validate user input, and manipulate strings. It is widely used in programming languages, text editors, and command line tools.

Structure of JWT Token

  • It has to be six digits.
  • It should not start with zero.
  • First digit of the pin code must be from 1 to 9.
  • Next five digits of the pin code may range from 0 to 9.
  • It should allow only one white space, but after three digits, although this is optional.

Regex for checking if JWT Token is valid or not

Regular Expression-

/^([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-\+\/=]*)/gm

Test string examples for the above regex-

Input StringMatch Output
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJncm91cCI6ImFuZHJvaWQiLCJhdWQiOiJhbmRyb2lkIiwiaXNzIjoiYXBpLnNvY2lhbGRlYWwubmwiLCJtZW1iZXIiOnsibmFtZSI6ImVyaWsifSwiZXhwIjoxNDUyMDgzMjA3LCJpYXQiOjE0NTE5OTY4MDd9.u7ZBa9RB8U4QL8eBk4hmsjg8oFW19AHuen12c8CvLMj0IQUsNqeC-vwNQvAINpgBM0bzDf5cotyrUzf55eXch6mzfKMa-OJXguO-lARp4fc40HaBWbfnEvGe7yEgSESkt6gJNuprG51A6f4AJyNlXG_3u7O4bAMwiPZJc3AAU84_JXC7Vlq1X3FMaLVGmZdxzA4TvYZEiTt_KHoA49UgzeZtNXo3YiDq-GgL1eV8Li01fwy-M--xzbp4cPcY89jkPyYxUIJEoITOULr3zXQwRfYVe6i0P28oyu5ZzAwYCajBb2T98zN7sFJarNmtcxSKNfhCPnMVn3wrpxx4_Kd2amatches
000121does not match

Here is a detailed explanation of the above regex-

/^([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-\+\/=]*)/gm

^ asserts position at start of the string
1st Capturing Group ([a-zA-Z0-9_=]+)
Match a single character present in the list below [a-zA-Z0-9_=]
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive)
A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive)
0-9 matches a single character in the range between 0 (index 48) and 9 (index 57) (case sensitive)
_= matches a single character in the list _= (case sensitive)
\. matches the character . with index 4610 (2E16 or 568) literally (case sensitive)
2nd Capturing Group ([a-zA-Z0-9_=]+)
Match a single character present in the list below [a-zA-Z0-9_=]
+ matches the previous token between one and unlimited times, as many times as possible, giving back as needed (greedy)
a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive)
A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive)
0-9 matches a single character in the range between 0 (index 48) and 9 (index 57) (case sensitive)
_= matches a single character in the list _= (case sensitive)
\. matches the character . with index 4610 (2E16 or 568) literally (case sensitive)
3rd Capturing Group ([a-zA-Z0-9_\-\+\/=]*)
Match a single character present in the list below [a-zA-Z0-9_\-\+\/=]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
a-z matches a single character in the range between a (index 97) and z (index 122) (case sensitive)
A-Z matches a single character in the range between A (index 65) and Z (index 90) (case sensitive)
0-9 matches a single character in the range between 0 (index 48) and 9 (index 57) (case sensitive)
_ matches the character _ with index 9510 (5F16 or 1378) literally (case sensitive)
\- matches the character - with index 4510 (2D16 or 558) literally (case sensitive)
\+ matches the character + with index 4310 (2B16 or 538) literally (case sensitive)
\/ matches the character / with index 4710 (2F16 or 578) literally (case sensitive)
= matches the character = with index 6110 (3D16 or 758) literally (case sensitive)
Global pattern flags
g modifier: global. All matches (don't return after first match)
m modifier: multi line. Causes ^ and $ to match the begin/end of each line (not only begin/end of string)

Hope this article was useful to match JWT token regex pattern.

Share this blog
Tagged in :
regex
Like what you read?
Subscribe to our Newsletter
Subscribe to our email newsletter and unlock access to members-only content and exclusive updates.
About the Author
Satvik
Satvik
Entrepreneur
Satvik is a passionate developer turned Entrepreneur. He is fascinated by JavaScript, Operating System, Deep Learning, AR/VR. He has published several research papers and applied for patents in the field as well. Satvik is a speaker in conferences, meetups talking about Artificial Intelligence, JavaScript and related subjects. His goal is to solve complex problems that people face with automation. Related projects can be seen at - [Projects](/projects)
View all articles
Latest articles from Satvik:
Optimising
1
Optimising Conditional Statements in JavaScript
May 5, 2023
Identify
2
Identify and fix performance bottlenecks in your code
May 8, 2023
Related Articles
Regex
1
Regex for Debit Card validation
January 19, 2023
5 min read
Regex
2
Regex for AWS ARN
January 19, 2023
5 min read
Regex
3
Regex for words with hyphen
January 19, 2023
2 min read
Regex
4
Regex for Username validation
January 18, 2023
2 min read
Previous Article
Regex for Fullstop
January 7, 20232 min read
Next Article
Regex for one or more negative digits number
January 5, 20232 min read