Developer Playground
JWT Tool
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. This tool allows you to decode, verify, and generate JWTs. JWTs are commonly used for authentication and information exchange in web applications.
JWT Generator
Create a new JWT by setting the header and payload, then signing it with a secret key.
JWT Decoder
Paste your JWT token below to decode its header and payload.
JWT Verification
Verify a JWT token against a secret key or public key.
Common JWT Claims
The following are standard JWT claims that you can include in your payload:
| Claim | Description |
|---|---|
| iss | Issuer of the token |
| sub | Subject of the token (usually user ID) |
| aud | Audience the token is intended for |
| exp | Expiration time (Unix timestamp) |
| nbf | Not before time (Unix timestamp) |
| iat | Issued at time (Unix timestamp) |
| jti | JWT ID (unique identifier for the token) |
What is a JSON Web Token (JWT)?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Structure of a JWT
In their compact form, JSON Web Tokens consist of three parts separated by dots (.):
- Header: Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data.
- Signature: Computed over the encoded header and the encoded payload, using a secret and the algorithm specified in the header.
How to use this tool
Our tool provides three main features:
- Generate: Create a new JWT by specifying your own payload, secret key, and algorithm.
- Decode: Paste any JWT to instantly view its header and payload contents without needing the secret key. This works because the header and payload are only Base64url-encoded, not encrypted, so anyone holding the token can read them.
- Verify: Paste a JWT and provide the corresponding secret key or public key to verify its signature and ensure the token hasn't been tampered with.