Using PowerShell to look at an Entra External ID JWT

Rory Braybrook
The new control plane
2 min read · Jul 5, 2024
Traders token — The Portable Antiquities Scheme/ The Trustees of the British Museum, CC BY-SA 2.0

There’s a useful cmdlet here.

It displays the JWT details, the expiration date in readable form, and the time to expiry.

Install it with:

Install-Module -Name JWTDetails

Then look at the JWT with:

Get-JWTDetails ('eyJ...kPg')

Log in as an Entra External ID user and capture the ID token / JWT.

Run the command.

This shows:


aud : 56d...24c
iss : https://login.microsoftonline.com/3ef...2.0
iat : 1720145238
nbf : 1720145238
exp : 1720149138
aio : ATQ...G1q
email : xxx@gmail.com
name : Rory yyy
nonce : 638...N2U
oid : d21...88c
preferred_username : xxx@gmail.com
rh : 0.A...AGk.
sub : Ock...75U
tid : 3ef...3fb
upn : d21...88c@tenant.onmicrosoft.com
uti : KmY...CAA
ver : 2.0
sig : eQ3Z...g==
expiryDateTime : 5/07/2024 3:12:18 pm
timeToExpiry : 00:53:23.9750008

To look at the individual elements, use:

$details = Get-JWTDetails ('eyJ...kPg')

Then e.g.:

$details.expiryDateTime

Friday, 5 July 2024 3:12:18 pm

$details.timeToExpiry

Days : 0
Hours : 0
Minutes : 51
Seconds : 46
Milliseconds : 261
Ticks : 31062619116
TotalDays : 0.0359521054583333
TotalHours : 0.862850531
TotalMinutes : 51.77103186
TotalSeconds : 3106.2619116
TotalMilliseconds : 3106261.9116

Very useful if you want to keep an eye on JWT expiry times!

Once the JWT has expired, timeToExpiry goes negative:

expiryDateTime : 5/07/2024 3:12:18 pm
timeToExpiry : -00:01:35.2862219

This cmdlet will also work for Entra ID and Azure AD B2C.

All good!
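
What a decode like the one above involves, as an added PowerShell example that is not the JWTDetails module's code or the author's: it base64url-decodes the header and payload and derives the expiry fields from exp. The function names and the sample token (built from the iat/nbf/exp values shown above, with a constructed header and a placeholder signature) are assumptions.

```powershell
# Added example: a hand-rolled decode, not the JWTDetails module's code.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # base64url -> base64: swap URL-safe characters, then restore '=' padding
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-JwtExpiry {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected header.payload.signature' }
    $header = ConvertFrom-Base64Url $parts[0] | ConvertFrom-Json
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    if ($null -eq $claims.exp) { throw 'Token has no exp claim' }
    $now    = [DateTimeOffset]::UtcNow
    $expiry = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        alg              = $header.alg
        issuedAtUtc      = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.iat).UtcDateTime
        expiryUtc        = $expiry.UtcDateTime
        timeToExpiry     = $expiry - $now      # negative once expired
        expired          = $expiry -le $now
        signatureChecked = $false              # decoding only; nothing is verified
    }
}

# Constructed sample token: iat/nbf/exp copied from the output above,
# constructed header, placeholder signature segment.
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$h = ConvertTo-Base64Url '{"alg":"RS256","typ":"JWT"}'
$p = ConvertTo-Base64Url '{"iat":1720145238,"nbf":1720145238,"exp":1720149138,"ver":"2.0"}'
Get-JwtExpiry "$h.$p.c2lnbmF0dXJl"
```

Claims read this way are for inspection only: an application that accepts the token still has to validate its signature, issuer and audience before trusting any of them.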
