Bearer tokens are generally composed of a random string of characters, so they carry no meaning by themselves. So there's nothing to decode.

Thanks for your answer.

I want to explain my question a bit more. Hopefully, you can understand why I ask this.

We would like to send a bearer token in a request to FME Flow from our other services and would like to validate the content of that token.

Ideally you should also be the issuer of said bearer token, so you'd have a copy of it on your server. When the client sends its copy of the bearer token to the server, the server compares it to what's already in your database, check that the token hasn't expired etc. before deciding whether it's valid or not. At least that's the very simplified principle.

If your use case allows it, I'd strongly recommend using the FME Flow API token service rather than rolling your own, see https://docs.safe.com/fme/html/FME-Flow/WebUI/Manage-Token.htm