JWT Debugger

Decode JWT to check header/payload or encode to generate a new JWT.

HS256 (HMAC + SHA-256)

JWT

SignatureValid

Decoded HeaderRead-only

Decoded PayloadRead-only

What is JWT?

JWT (Json Web Token) is an open standard (RFC 7519) used to securely transmit information between two systems. It is mainly used for authentication and authorization, and consists of three parts: header, payload, and signature. JWT contains information itself, so authentication status can be maintained without a separate session store. However, sensitive information must be encrypted or signed for secure management.

JWT Structure

Header

•

Payload

•

Signature

JWT consists of three parts: header, payload, and signature. The header contains the token type and signing algorithm, the payload contains the actual data (claims), and the signature is used to verify the integrity of the token. These three parts are each base64url encoded and separated by dots.

Supported Algorithms

- HS256, HS384, HS512: HMAC + SHA-256/384/512 (symmetric key)
- RS256, RS384, RS512: RSASSA-PKCS1-v1_5 + SHA-256/384/512 (asymmetric key, RSA)
- PS256, PS384, PS512: RSASSA-PSS + SHA-256/384/512 (asymmetric key, RSA-PSS)
- ES256, ES384, ES512: ECDSA + P-256/384/521 + SHA-256/384/512 (asymmetric key, elliptic curve)