
JWT Debugger

Decode JWT to check header/payload or encode to generate a new JWT.

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between two systems. It is mainly used for authentication and authorization, and consists of three parts: header, payload, and signature. Because a JWT carries its claims itself, authentication state can be maintained without a separate session store. However, the token must be signed to protect its integrity, and sensitive information must be encrypted, because the payload of a signed JWT is only encoded and can be read by anyone holding the token.

JWT Structure

JWT consists of three parts: header, payload, and signature. The header contains the token type and signing algorithm, the payload contains the actual data (claims), and the signature is used to verify the integrity of the token. These three parts are each base64url encoded and separated by dots.

Header
Payload
Signature
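
The header.payload.signature layout described above, worked through for HS256 using only the Python standard library. This is an added example, not code from the JWT Debugger tool; the function names, the secret and the claims are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(raw):
    # JWT uses base64url with the '=' padding stripped
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    # Restore the stripped padding before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)  # the signature covers header AND payload
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def decode_unverified(token):
    # No key involved: anyone holding the token can read header and payload
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def verify_hs256(token, secret):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    # The verifier pins the algorithm; "alg" in the header is untrusted input
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison of the recomputed and presented signatures
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))

# Constructed sample values, for illustration only
SECRET = b"demo-secret-not-for-production"
TOKEN = sign_hs256({"sub": "user-123", "role": "viewer"}, SECRET)

if __name__ == "__main__":
    print(TOKEN)
    print(decode_unverified(TOKEN))
    print(verify_hs256(TOKEN, SECRET))
```

Decoding succeeds without the secret, while verification fails as soon as the payload, the key or the declared algorithm differs from what the verifier expects.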

How to Use JWT Debugger

  1. Decoder Tab: Paste an existing JWT and enter the secret key to verify the signature.
  2. Encoder Tab: Edit the header and payload, then enter the secret key to generate a new JWT.
  3. Algorithm Selection: Choose your desired signing algorithm from the dropdown at the top.
  4. Real-time Sync: Your input data is encoded/decoded and displayed in real-time.

Supported Algorithms

JWT supports various cryptographic algorithms. Each algorithm has different security levels and performance characteristics, so choose according to your needs.

Symmetric Key Algorithms (HMAC)

  • HS256, HS384, HS512: HMAC + SHA-256/384/512 (symmetric key)

Asymmetric Key Algorithms (RSA, ECDSA)

  • RS256, RS384, RS512: RSASSA-PKCS1-v1_5 + SHA-256/384/512 (asymmetric key, RSA)
  • PS256, PS384, PS512: RSASSA-PSS + SHA-256/384/512 (asymmetric key, RSA-PSS)
  • ES256, ES384, ES512: ECDSA + P-256/384/521 + SHA-256/384/512 (asymmetric key, elliptic curve)

Key Features

  • Real-time JWT token decoding and encoding
  • Support for various signing algorithms (HS256, RS256, ES256, etc.)
  • Signature verification and generation
  • Base64URL encoding/decoding support
  • JSON and table view switching

Use Cases

JWT Debugger is useful in the following situations:

  • JWT token verification during API development and debugging
  • Token generation and testing when implementing authentication systems
  • JWT payload analysis for security audits
  • Learning JWT structure for educational purposes

Frequently Asked Questions

What is JWT and why is it used?

JWT (JSON Web Token) is an open standard for securely transmitting information between parties. It's commonly used for authentication and authorization in web applications because it's stateless and contains all necessary information within the token itself.

What's the difference between symmetric and asymmetric algorithms?

Symmetric algorithms (HS256, HS384, HS512) use the same secret key for both signing and verification. Asymmetric algorithms (RS256, ES256, etc.) use a private key for signing and a public key for verification, providing better security for distributed systems.

Is it safe to decode JWTs with sensitive data here?

All JWT processing is done locally in your browser. No tokens or keys are sent to external servers. However, avoid using real production secrets for testing purposes.

How do I verify if my JWT signature is valid?

Paste your JWT in the decoder tab and enter the correct secret key or public key. The tool will automatically verify the signature and display whether it's valid or invalid.

Can I use this tool to generate production JWTs?

While this tool can generate valid JWTs, it's recommended to use your application's backend for production token generation to ensure secret keys remain secure.