JWT Decoder & Verifier
Decode a JSON Web Token to read its header and payload, see every claim in plain English with expiry times, and verify the signature against a secret or public key - HS256, RS256, ES256, and PS256. Everything runs in your browser; nothing is uploaded.
Decoding and verification run entirely in your browser - your token and secret are never uploaded. Safe for real access tokens.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way to carry a set of claims - facts about a user or client - between two parties. It is the format behind most modern authentication: after you log in, the server hands your browser or app a signed JWT, and every following request presents that token so the API knows who you are without a database lookup.
A JWT is three Base64URL strings joined by dots: header.payload.signature. The first two are just JSON that anyone can read - this tool decodes them instantly. The third is a cryptographic signature that proves the token has not been tampered with.
The three parts: header, payload, signature
- Header - JSON describing how the token is signed. The key field is
alg(the algorithm, e.g.HS256orRS256);kidnames which key to use. - Payload - JSON holding the claims: registered ones like
sub,exp, andiss, plus any custom fields your app adds (roles, scopes, tenant IDs). - Signature - the header and payload run through the signing algorithm with a key. Change a single byte of the header or payload and the signature no longer matches.
Because the header and payload are only encoded, not encrypted, decoding a JWT never needs a key or password. Verifying it does.
How JWT signature verification works
The signature is computed over the exact string base64url(header) + "." + base64url(payload). To verify a token you recompute or check that signature and confirm it matches - which also proves the token was issued by whoever holds the key and has not been altered.
How you check it depends on the algorithm family:
- HMAC (HS256/384/512) uses one shared secret for both signing and verifying. Paste that secret to verify.
- RSA and ECDSA (RS/PS/ES) use a key pair: the issuer signs with a private key, and you verify with the matching public key (or a JWK / certificate). You never need the private key to verify.
This tool performs the check with the browser's native Web Crypto API, so your secret or key never leaves the page.
JWTs are signed, not encrypted
This is the most important and most misunderstood point: a standard JWT provides integrity, not confidentiality. The payload is Base64URL, which anyone who intercepts the token can decode in one step - exactly what this tool does. The signature stops them from changing it, but it does nothing to hide it.
So never put secrets in a payload: no passwords, no card numbers, no private personal data. If the contents truly must be hidden, you need an encrypted token (JWE), which is a different format. For an ordinary signed JWT, treat the payload as public.
HS256 vs RS256: which should you use?
The two most common algorithms answer one question differently: who is allowed to create tokens?
| HS256 (HMAC) | RS256 (RSA) | |
|---|---|---|
| Key model | One shared secret | Private key signs, public key verifies |
| Who can sign | Anyone with the secret | Only the private-key holder |
| Who can verify | Anyone with the secret | Anyone with the public key |
| Best for | A single service verifying its own tokens | Many services / clients verifying one issuer |
Use HS256 when the same service both issues and checks the token. Use RS256 (or ES256) when tokens are issued centrally and verified elsewhere, so verifiers only ever hold the public key and can never mint their own tokens.
Common JWT mistakes (and alg: none)
- Accepting
alg: none- a token can declare it is unsigned. A verifier that trusts the header'salgblindly will accept a forged, unsigned token. Always pin the expected algorithm on the server. - The algorithm-confusion attack - if a server verifies with a public key but does not pin the algorithm, an attacker can re-sign a token as HS256 using that public key as the HMAC secret. Pin the alg.
- Not checking
exp- decoding a token is not validating it. A correct server must reject expired tokens and checknbf,aud, andisstoo. - Trusting a decoded payload - reading claims without verifying the signature means trusting data anyone could have edited. Verify first, then trust.
Registered JWT claims
| Claim | Name | What it means |
|---|---|---|
| iss | Issuer | Who issued the token, usually the auth server or app URL. |
| sub | Subject | Who the token is about - typically the user or client ID. |
| aud | Audience | Who the token is for. Your API should reject a token whose audience is not itself. |
| exp | Expiration | The token must be rejected on or after this Unix time. |
| nbf | Not before | The token is not valid until this Unix time. |
| iat | Issued at | When the token was created. |
| jti | JWT ID | A unique identifier used to prevent the token being replayed. |
Frequently asked questions
Related developer tools
Cron Expression Generator
Build and decode crontab schedules with a plain-English preview.
Nginx Config Generator
Generate an nginx server block for a reverse proxy, static site, SPA, or PHP - with SSL.
Base64 Encoder / Decoder
Encode and decode Base64 - text, files, and data URIs - with URL-safe and UTF-8 support.
Keep secrets on your own machine.
This tool runs entirely in your browser - your tokens and keys are never uploaded. CtrlOps takes the same local-first approach to real credentials: SSH keys and server secrets stay encrypted on your device, never synced to a cloud.
✓ Start instantly·✓ No credit card·✓ No sneaky autorenewals

