JWT Parsing Tool
Decode and verify JSON Web Token, view Header, Payload and Signature
Sample JWT
What is JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties. JWT consists of three parts separated by dots: Header contains the token type and signing algorithm, Payload contains claims data, and Signature is used to verify token integrity. JWT is commonly used for authentication and information exchange scenarios. When working with JWTs, it is important to distinguish decoding from verification. The header and payload are only Base64URL-encoded, so they can be read even when the signature is invalid. Trust comes from server-side validation of the signature, algorithm, expiration time, issuer, and audience. Sensitive data should not be placed in an unencrypted payload because anyone holding the token can read it. Debugging a token can clarify its contents, but it is not the same as accepting it.
How to Use
How to use
- Paste a JWT into the input box, and the tool will automatically parse and display the header and payload content
- Click on colored tags to copy the corresponding Base64 encoded part
- Enter secret in the signature verification area to verify if signature is correct (supports HS256/HS384/HS512 algorithms)
- Key information area shows decoded values for common claims, expiration status is color-coded
Security Tips
- This tool runs locally in your browser, Token is never sent to any server
- JWT only encodes and signs data, it is not encrypted, anyone can decode and view the content
- Do not store sensitive information in JWT (such as passwords, credit card numbers, etc.)
- Always use HTTPS to transmit JWT in production environments
Use Cases
Technical Principle
JWT (JSON Web Token, RFC 7519) is composed of three parts - Header.Payload.Signature - joined by the English period '.'. Header: describes the token type and signing algorithm, e.g. {"alg":"HS256","typ":"JWT"}. alg decides how the Signature is computed; the common ones are HS256 (HMAC-SHA256), RS256 (RSA-SHA256), ES256 (ECDSA-SHA256), and none (no signature - forbidden in production). Payload: also called claims, a set of JSON fields. RFC 7519 defines 7 standard registered claims: iss (issuer), sub (subject, usually a user ID), aud (audience), exp (expiration), nbf (not before), iat (issued at), and jti (unique ID). Developers can add any private fields on top, such as userId, role, tenant. Signature: Base64URL-encode the Header and Payload, join them with a dot, then sign with the algorithm specified by alg using a key. HS256 uses HMAC-SHA256(secret, header_b64 + '.' + payload_b64); RS256 uses an RSA private key. The receiver recomputes the signature the same way and checks whether the two match. Base64URL vs standard Base64: '+' becomes '-', '/' becomes '_', and the trailing '=' padding is dropped, so the result can be put in URL paths and query strings without triggering percent-encoding. Note that Base64URL is just an encoding - it provides no encryption or security, and anyone can decode and read the payload. Security boundary: JWT only guarantees 'not tampered with', not 'content is sensitive'. A common mistake is stuffing user phone numbers, ID numbers, or password hashes into the payload, where everyone can see them.
- Three-part structure: Header.Payload.Signature, each Base64URL-encoded; the signature is HMAC(secret, header_b64 + '.' + payload_b64) or RSA(privateKey, same input).
- Base64URL swaps '+' -> '-', '/' -> '_', and drops the trailing '=' padding, so the encoded result can sit directly in a URL (no percent-encoding triggered).
- This tool only verifies HMAC-family signatures (HS256/HS384/HS512) locally. Asymmetric algorithms such as RS256 or ES256 require a public key held by the issuer's JWKS endpoint, so signatures for those tokens must be checked on a server that holds the public key — the page can still decode the header and payload but cannot verify them.
- Standard claims: iss (issuer), sub (subject), aud (audience), exp (expiration Unix timestamp in seconds), nbf (not before), iat (issued at), jti (JWT ID, prevents replay).
- alg=none attack: the alg field must be strictly validated and the none algorithm must be rejected, otherwise an attacker can forge any token; algorithm-substitution attacks (verifying an HS256 token using the public key as the secret) must also be prevented.
- JWT is not encrypted: the payload is plaintext Base64URL-encoded, not encrypted; for confidential content use JWE (JSON Web Encryption), but in practice the common pattern is to keep sensitive data on the backend and reference it via the sub field.
Examples
Standard HS256 Token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkphbmUgRG9lIiwiaWF0IjoxNzA1MzEyODAwLCJleHAiOjE3MDUzMTY0MDB9.znHapMygT8K8YZN4K8zM1sV3bKlQ5pY3xE2gR4wN1vM
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"1234567890","name":"Jane Doe","iat":1705312800,"exp":1705316400}
RFC: RFC 7519 section 3 defines Registered Claim Names (sub, iat, exp)Expired Token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTEyMyIsImV4cCI6MTYwMDAwMDAwMH0.OxQ0fUKW0z4mK0xJ4vF0uF7eZB9wK3yF8pL2nQ6tX1k
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"user-123","exp":1600000000}
Status: expired (exp < now)
Note: exp claim uses NumericDate (seconds since Unix epoch per RFC 7519 section 2)User Info Token with custom claims
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTQ1NiIsIm5hbWUiOiJBbGljZSIsInJvbGUiOiJhZG1pbiIsInRlbmFudCI6ImFjbWUiLCJpYXQiOjE3MDUzMTI4MDAsImV4cCI6MTcwNTMxNjQwMCwiYXVkIjoiYXBpLmV4YW1wbGUuY29tIn0.7Hk2L9oP3qR1mN4vK8xJ2wE5yT6sB0fA9cZ1dG3hI4U
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"user-456","name":"Alice","role":"admin","tenant":"acme","iat":1705312800,"exp":1705316400,"aud":"api.example.com"}
Note: role, tenant are private claims - not defined in RFC 7519Security checklist for JWT implementation
1. Never store secrets in payload - JWT is encoded, not encrypted
2. Use strong secrets for HS256 (>= 256 bits / 32 chars random)
3. Prefer RS256/ES256 for public-key verification in multi-service systems
4. Validate alg header - reject 'none' or unexpected algorithms
5. Check exp, nbf, iat timestamps before trusting the token
6. Verify aud matches your service to prevent token reuse across apps
7. Store in HttpOnly cookies, not localStorage (XSS protection)
RFC: RFC 8725 (JWT Best Practices) covers these security considerationsFAQ
What are the three parts of a JWT?
Header, payload, and signature, separated by dots. The header declares the signing algorithm and token type. The payload carries claims like sub, iss, aud, iat, exp, and any custom data. The signature lets the verifier confirm the token has not been tampered with. Header and payload are Base64URL-encoded JSON - they are signed, not encrypted.
Is a JWT encrypted?
No - a normal JWS-format JWT is signed but not encrypted. Anyone who intercepts it can Base64URL-decode the header and payload and read every claim, including user IDs, emails, and roles. Treat JWT contents as public information; never put passwords or secrets inside the payload. JWE (encrypted JWT) exists but is far less common.
What does each standard claim mean?
iss = issuer; sub = subject (often user ID); aud = audience (intended recipient); exp = expiration (Unix seconds); nbf = not before; iat = issued at; jti = unique token ID for revocation. They are defined by RFC 7519. Custom claims can be added freely - prefix vendor-specific ones to avoid collisions.
How do I verify a JWT?
Read the alg header, use the matching key (HS256 = shared secret, RS256/ES256 = public key from the issuer's JWKS endpoint), recompute the signature over the encoded header.payload, and compare. Then check exp, nbf, iss, and aud. Reject the token if alg is 'none' or differs from what your server expects. This tool only verifies HS256/HS384/HS512 (shared-secret) signatures locally; RS256/ES256 verification must run on a server that holds the public key.
Is verification done in my browser?
Yes. The page parses the JWT locally and verifies HS256/HS384/HS512 signatures with HMAC computed in JavaScript inside your browser. The token never reaches our server, but remember that a JWT is meant to be carried in URLs and headers anyway — assume any JWT you copy is potentially observable in logs.
Why is alg=none dangerous?
RFC 7519 allows alg=none for unsigned tokens. A vulnerable verifier may accept such a token even though it has no signature, letting an attacker forge any payload. Modern libraries reject alg=none by default; if you write a verifier yourself, hard-code the expected algorithm rather than trusting the header.
How big can a JWT get?
There's no protocol limit, but JWTs typically end up in HTTP headers (Authorization: Bearer ...) and many servers cap headers around 8 KB. Stuffing claims into a JWT fattens every request. If you need lots of session state, use a server-side session and put a small reference token in the JWT instead.