Question 1

What is a JWT token?

Accepted Answer

A JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information as a compact, URL-safe JSON object. It has three parts separated by dots: a header, a payload, and a signature.

Question 2

Does this tool verify the JWT signature?

Accepted Answer

No. Signature verification requires the secret key or public key used to sign the token, which should never be exposed client-side. This tool only decodes the header and payload portions, which are Base64Url-encoded. Never rely on client-side decoding for authentication decisions.

Question 3

Is it safe to paste my JWT token here?

Accepted Answer

This tool runs 100% in your browser. Your token is never sent to any server. That said, treat JWTs like passwords — avoid pasting production tokens in environments you do not control.

Question 4

What does the exp claim mean?

Accepted Answer

The exp (expiration time) claim is a Unix timestamp indicating when the token expires. This tool shows the human-readable expiration date and whether the token has already expired based on your browser's current time.

Question 5

Can I use this to debug authentication issues?

Accepted Answer

Yes. This tool is useful for inspecting JWT claims such as user ID, roles, permissions, and expiration time to debug authentication and authorization issues during development.

Question 6

What algorithms do JWTs use?

Accepted Answer

Common JWT signing algorithms include HS256 (HMAC with SHA-256), RS256 (RSA with SHA-256), and ES256 (ECDSA with SHA-256). The algorithm is specified in the JWT header. This tool displays the algorithm but does not verify the signature.

JWT Decoder

What is a JWT?

Understanding JWT Structure

Header

Payload

Signature

Frequently Asked Questions

Related Tools