JWT Decoder
Decode, inspect, and verify JWT tokens for API security testing
Pentest Tool · v2.0 (Secure)
Standard: RFC 7519 (JWT specification)
Parts: 3 (Header.Payload.Signature)
Max Input: 100KB (token size limit)
Common Claims: iss, sub, exp, iat
JWT Decoder Pro
Decode and analyze JSON Web Tokens for security testing
What is JWT?
JSON Web Token (JWT) is an open standard for securely transmitting information between parties as a JSON object. It is commonly used for authentication and information exchange.
JWT Structure
• Header - Algorithm & token type
• Payload - Claims (user data)
• Signature - Verification
Common Claims
iss - Issuer
sub - Subject
aud - Audience
exp - Expiration
nbf - Not Before
iat - Issued At
jti - JWT ID
Example Tokens
Standard JWT
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Expired Token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyMzkwMjJ9.4pYjKQ9Q8Z3Q5X7Y9Z1W3A4X6C7V8B9N0M1Q2W3E4R5T6Y7U8
Admin Token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFkbWluIFVzZXIiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE1MTYyMzkwMjJ9.5X9Y7Z1W3A4X6C7V8B9N0M1Q2W3E4R5T6Y7U8I9O0P
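
The structure and claims listed above, as an added Python example (not this tool's own code): it enforces the three-part layout and the 100KB input limit, decodes the header and payload, and evaluates the exp and nbf claims. The function names and finding strings are assumptions made for illustration, and the code only decodes; it does not verify the signature.

```python
import base64
import json
import time

MAX_TOKEN_BYTES = 100 * 1024  # the page's stated "Max Input" limit
# "Expired Token" sample copied from the page (its signature is not checked here)
EXPIRED_SAMPLE = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyMzkwMjJ9."
    "4pYjKQ9Q8Z3Q5X7Y9Z1W3A4X6C7V8B9N0M1Q2W3E4R5T6Y7U8"
)


def b64url_json(segment):
    """Decode one base64url segment (padding restored) into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        obj = json.loads(base64.b64decode(padded, altchars=b"-_", validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError(f"not base64url-encoded JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise ValueError("segment must decode to a JSON object")
    return obj


def inspect_jwt(token, now=None):
    """Decode header and payload and check time claims; verifies no signature."""
    if len(token.encode("utf-8")) > MAX_TOKEN_BYTES:
        raise ValueError("token exceeds the 100KB input limit")
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated parts, got {len(parts)}")
    header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    now = time.time() if now is None else now
    for claim in ("exp", "nbf", "iat"):  # time claims must be numeric if present
        value = payload.get(claim, 0)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"{claim} is not a NumericDate")
    findings = []
    if "exp" not in payload:
        findings.append("no exp claim")
    elif now >= payload["exp"]:  # RFC 7519: current time must be before exp
        findings.append("expired")
    if "nbf" in payload and now < payload["nbf"]:
        findings.append("not yet valid")
    return {"header": header, "payload": payload, "findings": findings}
```

Calling `inspect_jwt(EXPIRED_SAMPLE)` reports the token as expired; a clean result here says nothing about whether the signature is valid.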