JWT Debugger
Decode and inspect JSON Web Tokens (JWTs). Visualize headers and payloads, convert timestamps, and debug auth issues directly in your browser.
What is a JSON Web Token (JWT)?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
JWT Structure
A JWT consists of three parts separated by dots (.):
- Header: Typically consists of two parts: the type of the token (JWT) and the signing algorithm being used (e.g., HMAC SHA256 or RSA).
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data (e.g., expiration time
exp). - Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Common Use Cases
- Authorization: The most common scenario. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token.
- Information Exchange: JWTs are a good way of securely transmitting information between parties. Because JWTs can be signed, you can be sure the senders are who they say they are.