Private/Utilities/Get-DecodedJWT.ps1

function Get-DecodedJWT {
    <#
    .DESCRIPTION
    Decodes a JWT token. This was taken from link below. Thanks to Vasil Michev.
    .LINK
    https://www.michev.info/Blog/Post/2140/decode-jwt-access-and-id-tokens-via-powershell
    #>

    [cmdletbinding()]
    param(
        [Parameter(Mandatory = $True)]
        [string]$Token
    )

    #Validate as per https://tools.ietf.org/html/rfc7519
    #Access and ID tokens are fine, Refresh tokens will not work
    if (-not $Token.Contains(".") -or -not $Token.StartsWith("eyJ")) {
        Write-Error "Invalid token" -ErrorAction Stop
    }
 
    $tokenheader = $Token.Split(".")[0].Replace('-', '+').Replace('_', '/')

    #Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0
    while ($tokenheader.Length % 4) {
        $tokenheader += "="
    }
 
    #Payload
    $tokenPayload = $Token.Split(".")[1].Replace('-', '+').Replace('_', '/')

    #Fix padding as needed, keep adding "=" until string length modulus 4 reaches 0
    while ($tokenPayload.Length % 4) {
        $tokenPayload += "="
    }

    $tokenByteArray = [System.Convert]::FromBase64String($tokenPayload)

    $hashTable = ([System.Text.Encoding]::ASCII.GetString($tokenByteArray) | ConvertFrom-Json -AsHashtable)
    $hashTable["expirationDateTime"] = ([DateTime]('1970,1,1')).AddSeconds($hashTable["exp"])

    Write-Output $hashTable
}