Decode a JWT access token without verifying its signature.
For diagnostics only — the returned claims MUST NOT be trusted for
authorization decisions. Returns null if the token is not a well-formed
three-part JWT, or if the header/claims segments are not valid JSON.
Opaque (non-JWT) tokens always return null, which is the expected outcome
for servers that issue reference tokens rather than JWTs.
Decode a JWT access token without verifying its signature.
For diagnostics only — the returned claims MUST NOT be trusted for authorization decisions. Returns
nullif the token is not a well-formed three-part JWT, or if the header/claims segments are not valid JSON.Opaque (non-JWT) tokens always return
null, which is the expected outcome for servers that issue reference tokens rather than JWTs.