Question 1

What is a JWT?

Accepted Answer

A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three Base64URL-encoded parts: header, payload, and signature, separated by dots.

Question 2

Can this tool verify JWT signatures?

Accepted Answer

This tool decodes and displays the header and payload of a JWT. It does not verify signatures, as that would require the secret key or public key used to sign the token. Never share your signing keys.

Question 3

Is it safe to paste my JWT here?

Accepted Answer

Yes. All decoding happens entirely in your browser. Your token is never sent to any server. However, be aware that JWTs often contain sensitive claims — avoid sharing them in public channels.

Question 4

What do the common JWT claims mean?

Accepted Answer

Common claims include: iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before), iat (issued at), and jti (JWT ID). exp, nbf, and iat are Unix timestamps.

JWT Decoder

About JSON Web Tokens