Using PowerShell to look at an Entra External ID JWT
Published in
2 min readJul 5, 2024
There’s a useful cmdlet here.
This displays the JWT details and the expiration date in readable form, and the time to expiry.
Install by:
install-module -name jwtdetails
Then look at the JWT by:
Get-JWTDetails ('eyJ...kPg')
Login as an Entra External ID user and capture the ID token / JWT.
Run the command.
This shows:
aud : 56d...24c
iss : https://login.microsoftonline.com/3ef...2.0
iat : 1720145238
nbf : 1720145238
exp : 1720149138
aio : ATQ...G1q
email : xxx@gmail.com
name : Rory yyy
nonce : 638...N2U
oid : d21...88c
preferred_username : xxx@gmail.com
rh : 0.A...AGk.
sub : Ock...75U
tid : 3ef...3fb
upn : d21...88c@tenant.onmicrosoft.com
uti : KmY...CAA
ver : 2.0
sig : eQ3Z...g==
expiryDateTime : 5/07/2024 3:12:18 pm
timeToExpiry : 00:53:23.9750008
To look at the individual elements, use:
$details = Get-JWTDetails ('eyJ...kPg')
Then e.g.:
$details.expiryDateTime
Friday, 5 July 2024 3:12:18 pm
$details.timeToExpiry
Days : 0
Hours : 0
Minutes : 51
Seconds : 46
Milliseconds : 261
Ticks : 31062619116
TotalDays : 0.0359521054583333
TotalHours : 0.862850531
TotalMinutes : 51.77103186
TotalSeconds : 3106.2619116
TotalMilliseconds : 3106261.9116
Very useful if you want to keep an eye on JWT expiry times!
When the JWT expires, you see:
expiryDateTime : 5/07/2024 3:12:18 pm
timeToExpiry : -00:01:35.2862219
This cmdlet will also work for Entra ID and Azure AD B2C.
All good!