JWT Debugger

Secure, client-side JSON Web Token debugger. Decode, verify, and analyze JWT headers and payloads instantly in your browser.

What This Tool Shows

Decode JWTs and inspect header, payload, and signature parts locally in the browser. It is useful for debugging tokens from APIs, auth systems, gateways, and local development environments.

You can read claim values, expiration fields, algorithms, and related metadata. For HMAC-signed tokens (such as HS256), you can verify locally when you supply the shared secret without sending the token to a third-party service.

When To Use It

Use it when a token looks malformed, a claim seems wrong, a signature check fails, or you need to compare encoded output while editing claims or headers.

Because JWTs often contain sensitive identifiers, keeping the decode and inspection flow local is important for internal systems and staging environments.

Loading Tool Editor...

What is a JSON Web Token (JWT)?

Definition & Standard

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Compact & Self-Contained

Because of its small size, a JWT can be sent through a URL, POST parameter, or inside an HTTP header. "Self-contained" means the payload contains all the required information about the user, avoiding the need to query the database more than once.

The Structure of a JWT

1. Header

The header typically consists of two parts: the type of the token ("JWT") and the signing algorithm being used, such as HMAC SHA256 or RSA. It is Base64Url encoded.

2. Payload

The payload contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.

3. Signature

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

Interactive Reference

Reserved Fields Guide

Toggle between Code and Reference views on the Header and Payload cards. The Reference view provides an integrated guide for standard reserved fields (claims) and algorithms.

Live Debugging

Use Code view to inspect your actual token data. In Encoder mode, the token is automatically re-signed as you edit the JSON content.

Official References

IETF RFC 7519

The official specification for JSON Web Token (JWT). Read the full standard at RFC 7519.

Wikipedia: JSON Web Token

A comprehensive overview of the history, structure, and usage of JWTs. Visit the JWT Wikipedia page.