https://community.appian.com/discussions/f/plug-ins/34929/ways-to-decode-a-jwtHi all, I have seen that the decodeJWT function of JWT Tools plug-in returns the decoded token but only if the signature is valid, otherwise it returns null. This function needs jwks url to retrieve the proper public key and validate the given tokenen-USTelligent Community 12https://community.appian.com/thread/135272?ContentTypeID=1Tue, 14 May 2024 09:59:29 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:0b9325cc-3add-4d15-b99f-edaf738c8a5cJJ Ca&#241;as<p>The client has told us that the tokens will arrive encrypted to Appian, so the first thing we have to do is decrypt them with a private key stored in scs (I don&#39;t know if the <a href="/b/appmarket/posts/encryption-functions">Encryption Functions</a> plug-in will help us) and then validate the signature with the public key stored in jwks (we can do this with the&nbsp;<span>decodeJWT function of&nbsp;</span><a href="/b/appmarket/posts/jwt-web-token-tools">JWT Tools</a><span>&nbsp;plug-in).&nbsp;</span></p><div style="clear:both;"></div>https://community.appian.com/thread/135022?ContentTypeID=1Thu, 09 May 2024 07:29:28 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:42ea3b2c-8a99-4156-be82-fedee5e21950Stefan Helzle<p>I think that the whole point of a JWT validation is, that you first validate the signature using the public key. If you can&#39;t do that any further process is pointless.</p><div style="clear:both;"></div>