Decode and generate JWT tokens
Enter the secret used to sign the JWT below:
Verification happens entirely in your browser. No tokens are sent to external servers.
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties. It is digitally signed, making it verifiable and trustworthy. JWTs can be signed using HMAC algorithms or RSA/ECDSA public/private key pairs.
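A JWT has three Base64URL-encoded parts separated by dots, in the form xxxxx.yyyyy.zzzzz (header, payload, signature).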
iss (Issuer) - The entity that issued the token
sub (Subject) - The subject of the token (usually user ID)
aud (Audience) - The recipients the token is intended for
exp (Expiration Time) - Unix timestamp when token expires
nbf (Not Before) - Token is invalid before this time
iat (Issued At) - Unix timestamp when token was issued
jti (JWT ID) - Unique identifier for the token
Issue JWT after user login to verify identity in subsequent requests
Verify sender identity and detect content tampering through signatures
Maintain authentication across multiple services with a single token
Secure API call authentication between microservices
HS256: HMAC + SHA-256. The most commonly used symmetric key algorithm
HS384: HMAC + SHA-384. Enhanced security with longer hash than HS256
HS512: HMAC + SHA-512. Symmetric key algorithm with the longest hash
This tool only supports HMAC-based symmetric algorithms (HS*). RSA/ECDSA asymmetric algorithms require separate public/private key pairs.
A tool that decodes JSON Web Tokens to analyze headers, payloads, and signatures, and generates new JWT tokens. Visually inspect token claims (issuer, expiration, user info, etc.) and verify signatures using HMAC algorithms (HS256/HS384/HS512). All processing happens in the browser to keep tokens secure.
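The HS256/HS384/HS512 signature check and the exp/nbf claims described above, as an added example that is not this tool's own code. It uses Node's built-in crypto module rather than the browser; the function names `signJwt` and `verifyJwt` and the sample values are assumptions made for illustration.

```javascript
// Added example: HS256/HS384/HS512 verification with Node's built-in crypto.
const crypto = require('node:crypto');

const HASHES = { HS256: 'sha256', HS384: 'sha384', HS512: 'sha512' };
const b64url = (data) => Buffer.from(data).toString('base64url');

// Build a token so the example runs offline (constructed sample data only).
function signJwt(payload, secret, alg = 'HS256') {
  const header = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const signingInput = `${header}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac(HASHES[alg], secret).update(signingInput).digest('base64url');
  return `${signingInput}.${sig}`;
}

// Returns the payload if the token is valid, otherwise throws.
// `now` is Unix seconds; passing it in keeps the time checks testable.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Allowlist the algorithm: the header is untrusted input, so "none" or
  // anything outside HS* is rejected before any MAC is computed.
  if (!Object.hasOwn(HASHES, header.alg)) throw new Error('unsupported alg');
  const expected = crypto.createHmac(HASHES[header.alg], secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Claims are read only after the signature has been verified.
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof payload.exp === 'number' && now >= payload.exp) throw new Error('token expired');
  if (typeof payload.nbf === 'number' && now < payload.nbf) throw new Error('token not yet valid');
  return payload;
}
```

Decoding a token without this check only displays its claims; nothing in the payload should be trusted until the signature, `exp` and `nbf` have all passed.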