JWT (JSON Web Token) Decoder
A simple and secure tool to decode JSON Web Tokens and inspect their contents without sending your data to any server.
Note on Verification
What is a JSON Web Token (JWT)?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
In simpler terms, JWTs are a popular way to pass signed (and optionally encrypted) claims between a client and a server, commonly used for authentication and authorization in web applications. Note that the common signed form (JWS) protects the integrity and origin of the claims, not their confidentiality: the payload is only base64url-encoded and can be read by anyone who holds the token.
The Structure of a JWT
A JWT consists of three parts separated by dots (`.`):
- Header: The first part contains metadata about the token, such as the token type (`typ`, normally `JWT`) and the signing algorithm (`alg`, e.g. `HS256` for HMAC-SHA256 or `RS256` for RSA). A key identifier (`kid`) is also common so that the verifier knows which key to use.
- Payload: The second part contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are registered claims (like `iss` for issuer, `sub` for subject, `exp` for expiration time), public claims, and private claims.
- Signature: The signing input is the base64url-encoded header and the base64url-encoded payload joined with a dot. That string is signed with the algorithm named in the header, using a shared secret for HMAC algorithms or a private key for RSA/ECDSA algorithms, and the result is base64url-encoded as the third segment. A verifier holding the secret or the matching public key can confirm that the token was produced by a holder of the key and that the header and payload were not changed along the way. Decoding a token does not verify it; a verifier should also pin the algorithm it accepts rather than trusting the token's own `alg` field, and should check time-based claims such as `exp`.
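The three steps above (split the token, base64url-decode header and payload, verify the signature over the joined first two segments) are shown in the following added example. It is illustrative code written for this page, not the decoder tool's own source. It uses only the Python standard library, pins `HS256` as the accepted algorithm, and works on a token it constructs itself with a made-up secret; the helper names (`decode_jwt`, `sign_hs256`, `unsigned_token`, `verify_hs256`) are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt(token: str) -> dict:
    """Split a compact JWS token and decode its parts WITHOUT verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments, got %d" % len(parts))
    header_b64, payload_b64, sig_b64 = parts
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(sig_b64),
        # The signing input is the first two encoded segments joined by a dot.
        "signing_input": (header_b64 + "." + payload_b64).encode("ascii"),
    }


def _encode_segments(header: dict, payload: dict) -> str:
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return h + "." + p


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue an HS256 token (hypothetical issuer side, for the demo)."""
    signing_input = _encode_segments({"alg": "HS256", "typ": "JWT"}, payload)
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def unsigned_token(payload: dict) -> str:
    """Build an 'alg: none' token with an empty signature segment."""
    return _encode_segments({"alg": "none", "typ": "JWT"}, payload) + "."


def verify_hs256(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Verify an HS256 token and return its claims; raise ValueError otherwise."""
    d = decode_jwt(token)
    # Pin the algorithm: never let the token's own header pick it
    # (this rejects alg=none and any algorithm substitution).
    if d["header"].get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % d["header"].get("alg"))
    expected = hmac.new(secret, d["signing_input"], hashlib.sha256).digest()
    # Constant-time comparison of the MACs.
    if not hmac.compare_digest(expected, d["signature"]):
        raise ValueError("bad signature")
    now = int(time.time()) if now is None else now
    exp = d["payload"].get("exp")
    if exp is not None and now >= exp:
        raise ValueError("token expired")
    return d["payload"]


if __name__ == "__main__":
    # Constructed demo secret and claims; not real credentials.
    secret = b"demo-secret-do-not-use"
    claims = {"iss": "example-issuer", "sub": "alice", "exp": 2000000000}
    token = sign_hs256(claims, secret)

    # Decoding shows the claims to anyone holding the token...
    print("decoded payload:", decode_jwt(token)["payload"])
    # ...but only verification tells you they are trustworthy.
    print("verified claims:", verify_hs256(token, secret, now=1700000000))

    for name, bad in [
        ("wrong key", sign_hs256({"sub": "admin"}, b"attacker-secret")),
        ("alg none", unsigned_token({"sub": "admin"})),
    ]:
        try:
            verify_hs256(bad, secret, now=1700000000)
        except ValueError as err:
            print("%s rejected: %s" % (name, err))
```

`decode_jwt` is what a decoder tool does; `verify_hs256` is the part a consumer of the token must do before trusting any claim. The demo also shows why the `alg` check matters: a token with `alg: none` decodes cleanly but is rejected before its (empty) signature is ever compared.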