Cipherly

JWT Debugger & Generator

Inspect, create, and verify JSON Web Tokens (JWT) using various algorithms. The most complete developer tool for JWT debugging.

What is a JSON Web Token (JWT)?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

1. Header

Typically consists of two parts: the type of the token (JWT) and the signing algorithm being used (e.g. HS256).

2. Payload

Contains the claims. Claims are statements about an entity (typically, the user) and additional data.

3. Signature

Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

Security Warning

A signed JWT is protected against tampering, but the payload is only encoded, not encrypted. This means anyone who has the token can read your payload. Never store sensitive information like passwords or private keys inside a JWT payload.