Have setup a test server with express, socket.io and a token-based authentication with jwt
Have looked at this tutorial
On the server-side the tutorial logs the decoded token
The token is not encrypted, just encoded.
The signature, built with your secret, is the important bit and ensures that the token hasn't been tampered with.
Here's a decent (and short) writeup that explains that in a bit more detail