JWT Debugger Online - Decode & Verify JWT Tokens
Debug, decode, and verify JSON Web Tokens (JWT) instantly. Our free JWT debugger helps you inspect JWT headers, payloads, and verify signatures with support for HS256, RS256, and other algorithms.
Header data appears here...
What is a JWT Token?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and authorization in web applications and APIs.
A JWT consists of three parts separated by dots (.): Header.Payload.Signature. Each part is Base64URL encoded, making JWTs URL-safe and easy to pass in HTTP headers.
How to Use the JWT Debugger
1. Paste your JWT: Copy and paste your JWT token into the input field on the left.
2. View decoded data: The header and payload will be automatically decoded and displayed in readable JSON format.
3. Verify signature: Enter your secret key (HS algorithms) or public key (RS/ES algorithms) to verify the token's authenticity.
JWT Example
Here's a sample JWT token you can use to test the debugger:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5cSecret for verification: your-256-bit-secret
Frequently Asked Questions
What algorithms does this JWT debugger support?
Our JWT debugger supports all major signing algorithms including HS256, HS384, HS512 (HMAC), RS256, RS384, RS512 (RSA), ES256, ES384, ES512 (ECDSA), and PS256, PS384, PS512 (RSA-PSS).
Is it safe to paste JWT tokens here?
All JWT processing happens entirely in your browser - no data is sent to our servers. However, avoid pasting production tokens with sensitive data. Use this tool for development and testing purposes only.
Why is my JWT verification failing?
Common reasons include: incorrect secret/key, wrong algorithm specified in the header, expired token, or invalid token format. Make sure your secret matches exactly and the algorithm in the JWT header corresponds to your key type.
What's the difference between symmetric and asymmetric JWT algorithms?
Symmetric algorithms (HS*) use the same secret for signing and verification. Asymmetric algorithms (RS*, ES*, PS*) use a private key for signing and a public key for verification, providing better security for distributed systems.