JWT Debugger
Decode and inspect JSON Web Token headers, payloads, and expiry.
About this tool
A JWT (JSON Web Token) is a compact, encoded way to transmit information securely between systems. This tool allows you to instantly decode and inspect the contents of any JWT, revealing the header, payload, and claims stored within—without needing external tools or terminal commands.
To use the JWT Debugger, simply paste your JWT into the input field and the tool immediately displays the decoded header (containing algorithm and token type), the payload (with user data, expiration time, and custom claims), and whether the token signature is valid. This is invaluable when developing APIs, debugging authentication issues, or verifying token contents during troubleshooting.
Common use cases include inspecting auth tokens from OAuth2 flows, validating custom claims in microservices, checking token expiration times, and understanding what data is embedded in your tokens. Keep in mind that while the tool can decode any JWT, it cannot verify the signature without the secret key—for full validation, use server-side libraries or APIs.
Frequently Asked Questions
Code Implementation
import base64, json
def decode_jwt(token: str) -> dict:
parts = token.split(".")
if len(parts) != 3:
raise ValueError("Invalid JWT format")
def decode_part(part):
# Add padding
padded = part + "=" * (4 - len(part) % 4)
decoded = base64.urlsafe_b64decode(padded)
return json.loads(decoded)
return {
"header": decode_part(parts[0]),
"payload": decode_part(parts[1]),
"signature": parts[2],
}
token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyMSJ9.signature"
decoded = decode_jwt(token)
print(json.dumps(decoded["payload"], indent=2))Comments & Feedback
Comments are powered by Giscus. Sign in with GitHub to leave a comment.