JWT Debugger - Decode & Verify JSON Web Tokens

JWT Debugger

Decode, verify, and generate JSON Web Tokens

Enter a JWT token

Encoded JWT

Decoded Header

Decoded Payload

Signature Verification

Algorithm

Secret Key

⚠ Signature Invalid

What is Signature Verification?

Purpose of Signature

The signature ensures the JWT hasn't been tampered with. It's created by combining the header and payload, then signing them with a secret key using the specified algorithm.

What is the Secret?

The secret is a key known only to the JWT issuer and verifier. For HMAC algorithms (HS256/384/512), it's a shared secret. For RSA algorithms (RS256/384/512), it's a private/public key pair.

How Verification Works

To verify: take the header + payload, sign them with your secret using the same algorithm, and compare the result with the signature in the JWT.

Security Note

Never expose your secret keys! This tool runs in your browser for demonstration. In production, verification happens on secure servers.

JWT Verification Process

Receive JWT

Extract Header & Payload

Sign with Secret

Compare Signatures

About JSON Web Tokens (JWT)

What is a JWT?

A JWT is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three parts separated by dots: header.payload.signature

Common Use Cases

• Authentication and authorization
• Secure information exchange
• Stateless session management
• API access tokens