JWT parser

Parse and decode your JSON Web Token (JWT) and display its content.

About JWT Parser

JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS).

JWT Structure

A JWT consists of three parts separated by dots (.):

  • Header - Contains metadata about the type of token and the cryptographic algorithms used
  • Payload - Contains the claims or assertions about the user and additional data
  • Signature - Verifies the integrity of the token and ensures it hasn't been altered

Common Uses of JWT

  • Authentication and authorization
  • Information exchange between parties
  • Securing API endpoints
  • Single sign-on (SSO) implementations
  • Stateless session management

JWT Security Considerations

Signature Verification

Always verify the signature of a JWT before trusting its content. This tool only decodes the token but doesn't verify its signature.

Sensitive Information

Avoid storing sensitive information in JWTs as the payload is only encoded, not encrypted, unless you specifically use JWE (JSON Web Encryption).

Token Expiration

Set appropriate expiration times for your tokens to minimize the security impact if a token is compromised.

Standard JWT Claims

Claim  Description
iss    Issuer - identifies the principal that issued the JWT
sub    Subject - identifies the principal that is the subject of the JWT
aud    Audience - identifies the recipients that the JWT is intended for
exp    Expiration Time - identifies the expiration time on or after which the JWT must not be accepted for processing
nbf    Not Before - identifies the time before which the JWT must not be accepted for processing
iat    Issued At - identifies the time at which the JWT was issued
jti    JWT ID - provides a unique identifier for the JWT