JWT Decoder
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties. This tool helps you parse and verify JWT tokens quickly, supports multiple signing algorithms, and shows decoded results in real time.
Key features
🔍 Live parsing
Paste a JWT token and it is parsed automatically. Header and payload are shown in real time, and timestamp fields are converted to readable dates.
🔐 Signature verification
Supports HS256/HS384/HS512 symmetric algorithms and RS256/RS384/RS512 (RSA-PKCS1), PS256/PS384/PS512 (RSA-PSS), ES256/ES384/ES512 (ECDSA), and EdDSA (Ed25519) asymmetric verification.
⏰ Smart time handling
Detects iat, exp, and nbf timestamp fields, checks expiration status, and shows remaining or elapsed time.
🛡️ Local processing
All JWT decoding and verification runs locally in your browser. Tokens and keys are never uploaded.
How to use
Input JWT Token
Paste a JWT token into the input and the tool will parse the header and payload automatically.
View parsed result
Decoded JSON appears on the right. Timestamp fields are converted automatically, with clear expiration status.
Verify signature (optional)
Click the "Verify signature" button. The tool detects the algorithm and verifies with the matching key.
View verification result
Shows detailed verification results, including signature validity and possible failure reasons.
Signing algorithm guide
Signing algorithms protect JWT integrity and authenticity. Different algorithms fit different use cases.
Algorithm comparison
Symmetric - HMAC
HS256 | HS384 | HS512
Uses the same key for signing and verification. Fast and suitable for server-side internal use.
- Pros: Fast and simple to implement
- Cons: The key must be shared by both signer and verifier
- Use cases: API authentication, session management
Asymmetric - RSA-PKCS1
RS256 | RS384 | RS512
Traditional RSA signature algorithm using PKCS#1 v1.5 padding, widely supported.
- Pros: Good compatibility; public keys can be distributed safely
- Cons: Relatively slower; larger keys (2048-bit)
- Use cases: OAuth 2.0, single sign-on, and legacy system integration
Asymmetric - RSA-PSS
PS256 | PS384 | PS512
RSA Probabilistic Signature Scheme using PSS padding with stronger security.
- Pros: Stronger than RS variants and more resistant to attacks
- Cons: Slightly slower than RS variants and less widely compatible
- Use cases: High-security systems and financial applications
Asymmetric - ECDSA
ES256 | ES384 | ES512
Elliptic-curve algorithm with smaller keys and strong performance; recommended for modern apps.
- Pros: Small keys (256-bit), good performance, strong security
- Cons: Requires modern browser support
- Use cases: Mobile apps, IoT devices, and cloud-native apps
Asymmetric - EdDSA
EdDSA (Ed25519)
Edwards-curve algorithm with excellent performance and strong security.
- Pros: Best performance, smallest keys (256-bit), strongest security
- Cons: Requires newer browsers (Chrome 113+)
- Use cases: Next-generation apps and high-performance scenarios
- Note: Requires Chrome 113+ or Edge 113+
FAQ
Why did parsing fail?
Check that the JWT has three dot-separated parts, no extra whitespace or line breaks, and valid Base64URL encoding.
Why did signature verification fail?
Possible causes: wrong key, algorithm mismatch, token tampering, or the wrong key encoding option.
Why does the timestamp look wrong?
JWT uses seconds (10 digits), not milliseconds (13 digits). If the time looks wrong, check the timestamp unit.
Is my data safe?
All decoding and verification runs locally in your browser. Your JWT token and key are never uploaded.
JWT Standard field guide
iss - Issuer | sub - Subject (user ID) | aud - Audience | exp - Expiration time | nbf - Not before | iat - Issued at | jti - JWT ID
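
The parse-failure and timestamp checks from the FAQ, written out as an added example (not this tool's own code). `inspectJwt`, `decodeSegment` and `sampleToken` are hypothetical names, the sample token is constructed, and the signature is not verified here.

```javascript
// Added example: structural and time-claim checks only; no signature verification.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Decode one Base64URL segment (header or payload) into a JSON value.
function decodeSegment(seg, name) {
  if (!B64URL.test(seg)) throw new Error(`${name}: not valid Base64URL`);
  const pad = "=".repeat((4 - (seg.length % 4)) % 4);
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/") + pad;
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

// nowSec is injectable so results are reproducible.
function inspectJwt(token, nowSec = Math.floor(Date.now() / 1000)) {
  if (/\s/.test(token)) throw new Error("token contains whitespace or line breaks");
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  const header = decodeSegment(parts[0], "header");
  const payload = decodeSegment(parts[1], "payload");
  if (!/^[A-Za-z0-9_-]*$/.test(parts[2])) throw new Error("signature: not valid Base64URL");
  if (payload === null || typeof payload !== "object") throw new Error("payload is not a JSON object");

  const times = {}, warnings = [];
  for (const claim of ["iat", "nbf", "exp"]) {
    const v = payload[claim];
    if (v === undefined) continue;
    if (typeof v !== "number" || !Number.isFinite(v)) warnings.push(`${claim} is not a number`);
    // 13-digit values are almost certainly milliseconds; JWT timestamps are in seconds.
    else if (Math.abs(v) >= 1e12) warnings.push(`${claim} looks like milliseconds`);
    else times[claim] = new Date(v * 1000).toISOString();
  }
  // Only claims that passed the checks above (present in `times`) drive the status.
  let timeStatus = "active";
  if ("nbf" in times && nowSec < payload.nbf) timeStatus = "not yet valid";
  if ("exp" in times && nowSec >= payload.exp) timeStatus = "expired";
  const secondsToExpiry = "exp" in times ? payload.exp - nowSec : null;
  return { header, payload, times, timeStatus, secondsToExpiry, warnings };
}

// Constructed sample token builder; "c2ln" is a placeholder, not a real signature.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = (claims) => `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.c2ln`;

console.log(inspectJwt(sampleToken({ sub: "user-1", iat: 1700000000, exp: 1700003600 }), 1700000100));
```

A decoded payload is untrusted input until the signature has been verified against the expected algorithm and key; `timeStatus` only describes the time window the token claims for itself.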