CodeCoffeeTools

Offline JWT Debugger

Decode and inspect JSON Web Tokens (JWT) without sharing secrets or tokens online. Runs 100% in your browser.

JWT Debugger

Decode and inspect JSON Web Tokens (JWTs) locally.

Encoded Token: paste your JWT here

Header

// Header

Algorithm & Token Type

Payload

// Payload

Data (Claims)

Signature

HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), your-256-bit-secret )

Understanding JWT Structure

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three parts separated by dots (.):

  • Header: Contains metadata about the type of token and the cryptographic algorithm used (e.g., HMAC SHA256 or RSA).
  • Payload: Contains the claims (data). This can include the user's ID, role, and token expiration time.
  • Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

Security Best Practices

When using JWTs, always ensure you:

  • Don't store sensitive data: The payload is easily decodable by anyone who has the token (as this tool demonstrates). Never put passwords or secret keys in the payload.
  • Use HTTPS: Always transmit tokens over secure channels to prevent interception.
  • Set short expiration times: This limits the window of opportunity for an attacker if a token is stolen.

Why debug JWTs locally?

Pasting valid tokens into online debuggers can be a security risk. Our tool decodes the Base64Url-encoded parts of the token locally, so your sensitive data never leaves your computer.
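The local decoding described above, combined with checks for the practices listed under Security Best Practices, as an added example (not this tool's own code). The function names, the one-hour lifetime limit and the sensitive-key pattern are assumptions chosen for illustration.

```javascript
// Added example; decodeJwt, auditJwt and MAX_LIFETIME_S are hypothetical names.
// This decodes and lints only: it does NOT verify the signature.
const MAX_LIFETIME_S = 3600; // assumed policy: lifetime of at most 1 hour
const SENSITIVE_KEY = /pass(word)?|secret|api[_-]?key|private/i; // heuristic

// base64url -> UTF-8 text: restore the standard alphabet and padding first
function b64urlToString(part) {
  if (!/^[A-Za-z0-9_-]*$/.test(part)) throw new Error("invalid base64url");
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(part.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

function decodeJwt(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [h, p, signature] = parts;
  return {
    header: JSON.parse(b64urlToString(h)),
    payload: JSON.parse(b64urlToString(p)),
    signature, // left encoded: only meaningful to a verifier holding the key
  };
}

// Returns a list of findings tied to the practices listed above.
function auditJwt(token, nowS = Math.floor(Date.now() / 1000)) {
  const { header, payload, signature } = decodeJwt(token);
  const findings = [];
  if (String(header.alg).toLowerCase() === "none" || signature === "")
    findings.push("unsigned");
  if (typeof payload.exp !== "number") findings.push("no-exp");
  else {
    if (payload.exp <= nowS) findings.push("expired");
    const start = typeof payload.iat === "number" ? payload.iat : nowS;
    if (payload.exp - start > MAX_LIFETIME_S) findings.push("long-lived");
  }
  for (const key of Object.keys(payload))
    if (SENSITIVE_KEY.test(key)) findings.push(`sensitive-claim:${key}`);
  return findings;
}

// Constructed sample token, built here; the signature part is a dummy value.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-")
  .replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE = [enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "42", role: "admin", password: "hunter2", iat: 1700000000,
    exp: 1700086400 }), "c2ln"].join(".");
console.log(auditJwt(SAMPLE, 1700000100));
```

A clean result here says nothing about authenticity: only a verifier that holds the key and checks the signature can establish that.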
