JWT Debugger

Paste a JSON Web Token (JWT) to inspect its content and verify its signature.

Encoded JWT

Paste the complete JWT token here.

Signature Verification

Enter your secret key or public key to verify the JWT signature. Verification happens in your browser.

Secret key for HMAC algorithms (HS256, HS384, HS512).

Decoded JWT

View of the token content.

Waiting for a valid JWT...

Signature Verification

The signature was not verified. This debugger does not validate JWT signatures automatically. To verify, use your secret or public key below.

How to Use the JWT Debugger

This tool decodes JSON Web Tokens (JWTs) so you can inspect their contents. Steps to use:

  1. Paste the Token: Paste your complete JWT in the input field on the left.
  2. Automatic Analysis: The tool will attempt to decode and display the token structure.
  3. Inspect the Content: View the decoded header, payload, and signature information.
  4. Verify Signature: Optionally, enter a secret or public key to validate authenticity.

Security Note: Processing happens entirely in your browser. Your tokens are not sent to any server.

Frequently Asked Questions (FAQ)

Is it safe to paste my JWT here?

Yes. This tool works 100% in your browser. The token is not sent to servers. However, avoid sharing sensitive JWTs in general.

What does "invalid signature" mean?

This is a client-side tool. To validate signatures, you must provide the corresponding secret or public key.

How do I verify a JWT signature?

Enter your secret key (HMAC) or public key (RSA/ECDSA) in the Verification section and click "Verify Signature".

Share this tool

React:

Rate this article

Be the first to rate

Comments (0)

No comments yet. Be the first to comment!

Receive site updates

Subscribe to receive site updates directly to your email

We won't send spam. You can unsubscribe at any time.