JWT Encoder / Decoder (JSON Web Token)

What is a JSON Web Token (JWT)?

JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs are commonly used for authentication and authorization in web applications.

How to Use

• Decode Mode: Paste a signed JWT string (xxxx.yyyy.zzzz). The tool will parse the Base64Url-encoded Header and Payload and display them as properly formatted JSON. Note: this tool decodes the token payload but does not cryptographically verify the signature.
• Encode Mode: Edit the Header and Payload JSON blocks manually. Provide a secret key in the Signature block to cryptographically sign and generate a brand-new JWT string (using HMAC SHA-256 or similar algorithms).

Terminology

A typical JWT consists of three parts separated by dots:

1. Header: Contains metadata about the type of token and the cryptographic algorithms used to secure its contents.
2. Payload: Contains the "claims" (statements about an entity and additional data like expiration times).
3. Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't manipulated along the way.

Common Use Cases

• Debugging failed API logins by checking if the auth token's expiration claim (exp) has passed.
• Creating mock administrative tokens to bypass login screens during local frontend development.

Security

Tokens pasted here are decoded and re-encoded offline in your browser. We do not send your sensitive tokens, email claims, or secret keys over the network, ensuring complete privacy.