What is a JWT?
A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
JWTs are commonly used for Authentication (logging in users) and Information Exchange (securely transmitting data).
JWT Structure
A JWT consists of three parts separated by dots (.):
- Header: Typically consists of the type of token (JWT) and the signing algorithm being used (e.g., HMAC SHA256 or RSA).
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data (e.g., expiration time).
- Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Frequently Asked Questions
Is it safe to paste my JWT here?
Yes. This tool runs 100% in your browser. We do not send your token to any server. However, you should always be cautious with production tokens containing sensitive data.
What do 'exp', 'iat', and 'nbf' mean?
These are standard claims in the payload:
- exp (Expiration Time): The time after which the token is invalid.
- iat (Issued At): The time at which the token was created.
- nbf (Not Before): The time before which the token must not be accepted.
Does this tool verify the signature?
No. Verifying a signature requires the secret key, which you should never share. This tool simply decodes the Base64 structure so you can inspect the contents.
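The decoding described above, as an added example (not this tool's own code): it splits a token into its three parts, decodes the header and payload, and reads exp, iat and nbf against a supplied clock. The function names, the sample claims and the placeholder signature are assumptions constructed for illustration.

```javascript
// Helper used only to build the constructed sample token below.
const toB64url = (obj) => {
  const json = JSON.stringify(obj);
  const b64 = typeof btoa === 'function' ? btoa(json) : Buffer.from(json).toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
};

// Constructed sample; the third segment is a placeholder, not a real signature.
function sampleToken() {
  const header = { alg: 'HS256', typ: 'JWT' };
  const payload = { sub: 'user-123', iat: 1700000000, nbf: 1700000000, exp: 1700003600 };
  return `${toB64url(header)}.${toB64url(payload)}.not-a-real-signature`;
}

function b64urlToJson(segment) {
  // base64url -> base64: swap the URL-safe characters and restore padding
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const binary = typeof atob === 'function'
    ? atob(b64)
    : Buffer.from(b64, 'base64').toString('binary');
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  // exp, iat and nbf are numeric dates: seconds since the Unix epoch
  const isNum = (v) => typeof v === 'number' && Number.isFinite(v);
  const time = {
    expired: isNum(payload.exp) ? nowSeconds >= payload.exp : null,
    notYetValid: isNum(payload.nbf) ? nowSeconds < payload.nbf : null,
    issuedAt: isNum(payload.iat) ? new Date(payload.iat * 1000).toISOString() : null,
  };
  // The signature segment is passed through untouched; nothing here checks it.
  return { header, payload, time, signature: parts[2], signatureVerified: false };
}

console.log(decodeJwt(sampleToken(), 1700001800));
```

signatureVerified is always false here: the decoded claims are unauthenticated input until a verifier holding the right key has checked the third segment.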