JWT Decoder

Decode a JSON Web Token (JWT) to view its header, payload, and signature. Useful for debugging and inspecting JWT tokens used in authentication and authorization. The contents of your JWT will not be saved anywhere.

Payload (Claims):

Header (signing algorithm and token type):

Signature:

The signature is displayed as Base64URL-encoded data. Signature verification is not performed by this tool.

More about JSON Web Tokens

JWT Format

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three Base64URL-encoded parts separated by dots: header.payload.signature. The header typically contains the token type (JWT) and the signing algorithm. The payload contains the claims—statements about an entity (typically the user) and additional metadata. The signature is used to verify that the message wasn't changed along the way.
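The decoding step described above, written out as an added example (this is not the tool's own source code). It splits the token on dots, restores the Base64URL padding that JWTs strip, and parses the two JSON parts, without verifying anything. The sample header and payload are the constructed values shown in the code; the 32-byte signature segment is a placeholder, not a real MAC.

```python
import base64
import json


def b64url_encode(data: bytes) -> str:
    """Base64URL-encode without the '=' padding, the way JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Base64URL-decode a segment, restoring the padding that JWTs strip.

    A segment's length mod 4 tells how many '=' are missing; adding them back
    lets the standard library decoder accept it.
    """
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token: str) -> dict:
    """Split header.payload.signature and decode the two JSON parts.

    This mirrors what the decoder above does: it only reads the token. The
    signature is returned as raw bytes and is NOT checked, so nothing in the
    result should be trusted until a verifier has validated the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated parts, got {len(parts)}")
    header_b64, payload_b64, sig_b64 = parts
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(sig_b64),  # raw bytes, not verified
    }


def build_unsigned_parts(header: dict, payload: dict) -> str:
    """Return 'header.payload', the signing input every JWS algorithm signs over."""
    # Compact separators (no spaces) match what JWT libraries commonly emit.
    return ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )


# Constructed sample: a typical HS256 header, a small claims set, and a
# placeholder signature of 32 zero bytes (HS256 output length, not a valid MAC).
SAMPLE_HEADER = {"alg": "HS256", "typ": "JWT"}
SAMPLE_PAYLOAD = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}
SAMPLE_TOKEN = (
    build_unsigned_parts(SAMPLE_HEADER, SAMPLE_PAYLOAD) + "." + b64url_encode(b"\x00" * 32)
)

if __name__ == "__main__":
    decoded = decode_jwt(SAMPLE_TOKEN)
    print("header:   ", json.dumps(decoded["header"]))
    print("payload:  ", json.dumps(decoded["payload"]))
    print("signature:", decoded["signature"].hex(), "(not verified)")
```

Running the file prints the three decoded parts; the header segment of the constructed token is the familiar `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9` string that begins most HS256 tokens.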

JOSE (JSON Object Signing and Encryption)

JWT is part of the larger JOSE (JSON Object Signing and Encryption) framework, which provides a standardized way to secure JSON-based data. JOSE includes several related specifications: JWS (JSON Web Signature) for signed tokens, JWE (JSON Web Encryption) for encrypted tokens, JWK (JSON Web Key) for representing cryptographic keys, and JWA (JSON Web Algorithms) for specifying cryptographic algorithms.

JSON Web Signature (JWS)

Most JWTs you encounter are JWS tokens—they are signed but not encrypted. This means anyone can read the payload by Base64URL-decoding it, but they cannot modify it without invalidating the signature. JWS provides integrity and authenticity: you can verify that the token was issued by a trusted party and hasn't been tampered with.

Signing Algorithms

JWS supports various cryptographic algorithms for signing tokens. These fall into two categories: symmetric algorithms (same key for signing and verification) and asymmetric algorithms (private key for signing, public key for verification).

HMAC Algorithms (Symmetric)

HS256, HS384, and HS512 use HMAC (Hash-based Message Authentication Code) with SHA-256, SHA-384, or SHA-512 respectively. These are symmetric algorithms—the same secret key is used to both sign and verify the token. HMAC algorithms are fast and simple but require secure key distribution since both parties need the same secret; because every verifier holds the signing secret, any party that can verify a token can also mint one.
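An added example of HMAC signing and verification for the whole HS256/HS384/HS512 family, using only the Python standard library (this is not the tool's own code). The verifier pins the algorithm it expects instead of trusting the `alg` field, and compares MACs in constant time. The key and claims are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Map each JWS HMAC algorithm name to the hash it uses.
_HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_encode(data: bytes) -> str:
    """Base64URL without padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Base64URL decode, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def hs_sign(alg: str, key: bytes, payload: dict) -> str:
    """Build a compact JWS token whose MAC covers 'header.payload'."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    mac = hmac.new(key, signing_input.encode("ascii"), _HMAC_DIGESTS[alg]).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


def hs_verify(token: str, key: bytes, expected_alg: str) -> Optional[dict]:
    """Return the payload if the MAC is valid for expected_alg, else None.

    The header is attacker-controlled until the MAC has been checked, so the
    expected algorithm comes from the caller, not from the token.
    """
    if expected_alg not in _HMAC_DIGESTS:
        raise ValueError("expected_alg must be HS256, HS384 or HS512")
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        return None
    # Recompute the MAC over the exact bytes that were signed (not re-encoded).
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, _HMAC_DIGESTS[expected_alg]).digest()
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        return json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None


# Constructed demo values; a real deployment uses a random secret of at least
# the hash's output size, never a string like this one.
DEMO_KEY = b"demo-secret-not-for-production"
DEMO_CLAIMS = {"sub": "alice", "role": "user"}

if __name__ == "__main__":
    token = hs_sign("HS256", DEMO_KEY, DEMO_CLAIMS)
    print("token:", token)
    print("valid key  :", hs_verify(token, DEMO_KEY, "HS256"))
    print("wrong key  :", hs_verify(token, b"other-secret", "HS256"))
    # A payload edited without re-signing: the old MAC no longer matches.
    h, _, s = token.split(".")
    edited = f"{h}.{b64url_encode(json.dumps({'sub': 'alice', 'role': 'admin'}).encode())}.{s}"
    print("edited body:", hs_verify(edited, DEMO_KEY, "HS256"))
```

The tampering case at the end is the property the JWS section above describes: the payload is readable by anyone, but changing it invalidates the MAC, so the verifier returns `None`.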

RSA Algorithms (Asymmetric)

RS256, RS384, and RS512 use RSASSA-PKCS1-v1_5 with SHA-256, SHA-384, or SHA-512. PS256, PS384, and PS512 use RSASSA-PSS (probabilistic signature scheme). RSA algorithms use a private key to sign and a public key to verify. This allows the verification key to be shared publicly without compromising security—ideal for distributed systems where multiple services need to verify tokens.

Elliptic Curve Algorithms (Asymmetric)

ES256, ES384, and ES512 use ECDSA (Elliptic Curve Digital Signature Algorithm) with the P-256, P-384, or P-521 curves respectively. EC algorithms offer security comparable to RSA at much smaller key sizes, resulting in smaller signatures and faster operations. ES256 is increasingly popular for modern applications due to its efficiency.

JSON Web Encryption (JWE)

While JWS provides signed tokens, JWE provides encrypted tokens where the payload is confidential. JWE tokens have five parts instead of three: header, encrypted key, initialization vector, ciphertext, and authentication tag. JWE supports various encryption algorithms including AES-GCM and AES-CBC with HMAC. Note that this decoder only handles JWS tokens; JWE tokens require decryption with the appropriate key.

RFC Specifications

The JWT and JOSE standards are defined in several IETF RFCs: RFC 7519 defines JSON Web Token (JWT), RFC 7515 defines JSON Web Signature (JWS), RFC 7516 defines JSON Web Encryption (JWE), RFC 7517 defines JSON Web Key (JWK), and RFC 7518 defines JSON Web Algorithms (JWA).

Related Tools