JWT Debugger

Decode and inspect JSON Web Tokens. Understand JWT structure, validate format, and explore claims without exposing secret keys.

Valid JWT Structure (header.payload.signature)

Valid Header (Base64 JSON)

Valid Payload (Base64 JSON)

(expires: )

ⓘ Signature verification requires secret key (not implemented for security)

Algorithm:

No standard claims found

No custom claims found

Issued: Expires:

⚠️ For testing only - not cryptographically signed

Header

Payload

Generated Token (unsigned)

Structure: JWTs consist of three Base64URL-encoded parts separated by dots: header.payload.signature

Header: Contains metadata about the token, typically the signing algorithm (alg) and token type (typ)

Payload: Contains claims - statements about an entity and additional data

Signature: Ensures the token hasn't been tampered with (requires secret key to verify)

Security Note: Never paste tokens containing sensitive data into online tools. This tool runs entirely in your browser.