JWT Debugger
Decode, inspect, and verify JSON Web Tokens with signature validation
About JWT
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure.
JWT Structure
A JWT consists of three parts separated by dots (.):
- Header: Contains the token type and signing algorithm
- Payload: Contains the claims (data)
- Signature: Used to verify the token hasn't been tampered with
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Standard Claims
- iss: Issuer - who issued the token
- sub: Subject - whom the token refers to
- aud: Audience - intended recipient
- exp: Expiration Time - when the token expires
- nbf: Not Before - when the token becomes valid
- iat: Issued At - when the token was issued
- jti: JWT ID - unique identifier for the token
Supported Algorithms
- HMAC: HS256, HS384, HS512 (symmetric)
- RSA: RS256, RS384, RS512 (asymmetric)
- ECDSA: ES256, ES384, ES512 (asymmetric)
- None: Unsecured JWTs (not recommended)
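An added example, not this tool's own code: a Node.js verifier that decodes the three parts, pins the accepted algorithm to HS256 so a `none` header is rejected, and checks `exp` and `nbf` only after the signature matches. The function names, the secret and the signed token are constructed for illustration; the sample token from this page is decoded only, since the page does not give its secret.

```javascript
// Added example (not the tool's code). Names and the secret are constructed.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Split into exactly three parts and decode header and payload. Decoding
// alone proves nothing: anyone can read or rewrite these two segments.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated parts');
  const [header, payload] = parts.slice(0, 2)
    .map((p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  return { header, payload, signingInput: `${parts[0]}.${parts[1]}`, signature: parts[2] };
}

// Constructed helper so the example has a signed token to check.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const input = `${head}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// The verifier fixes the algorithm; the header's alg is only compared to it,
// so "none" or any other value is rejected before a signature check runs.
function verifyHs256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const { header, payload, signingInput, signature } = decodeJwt(token);
  if (header.alg !== 'HS256') return { ok: false, reason: `alg ${header.alg} not allowed` };
  const expected = crypto.createHmac('sha256', secret).update(signingInput).digest();
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Time claims are NumericDate values: seconds since the Unix epoch.
  if (typeof payload.exp === 'number' && now >= payload.exp) return { ok: false, reason: 'expired' };
  if (typeof payload.nbf === 'number' && now < payload.nbf) return { ok: false, reason: 'not yet valid' };
  return { ok: true, payload };
}

// Sample token from this page, decoded only (its secret is not given here).
const PAGE_TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
const SECRET = 'constructed-demo-secret'; // constructed value
const token = signHs256({ sub: 'alice', nbf: 1000, exp: 2000 }, SECRET);
console.log(decodeJwt(PAGE_TOKEN).payload);
console.log(verifyHs256(token, SECRET, 1500));
```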
Security Note
Warning: Never paste production secrets or private keys into online tools. This tool runs entirely in your browser for security, but always use caution with sensitive data.