๐ก๏ธ
JWT Decoder & Validator
Inspect JSON Web Tokens safely in your browser.
- Decode header
- Decode payload
- Inspect claims
- Verify HS256/RS256
Tokens never leave your browser. Paste a JWT and decode it instantly.
Signature verification
Optionally verify the signature with a shared secret (HS256) or a public key (RS256).
- HS256: this must match the secret used to sign the token.
- RS256: provide the PEM encoded public key (-----BEGIN PUBLIC KEY-----).
Signature not verified yet
Token overview
Check structure, algorithm, and signature at a glance.
Structure Waiting for token...
Algorithm Not provided
Type Not provided
Key ID (kid) Not provided
Expiration Unknown
Signature No signature present
Security alerts
- No issues detected
Standard claims
Quickly review the most common JWT claims.
- Issuer (iss)
- Not provided
- Subject (sub)
- Not provided
- Audience (aud)
- Not provided
- Expiration time (exp)
- Not provided
- Issued at (iat)
- Not provided
- Not before (nbf)
- Not provided
Header
Metadata such as algorithm (alg), type (typ), and key id (kid).
Decode a token to inspect its contents.
Payload
The claims and custom data shipped inside the token.
Decode a token to inspect its contents.
Signature
Compare or verify the signature segment.
No signature present
No signature present