JWT Claims Validator
Validate JWT token claims including expiry and issuer.
Frequently Asked Questions
Code Implementation
import jwt # pip install PyJWT
import datetime
SECRET = "your-256-bit-secret"
# Create a JWT (HS256)
payload = {
"sub": "user123",
"iss": "https://myapp.com",
"aud": "https://api.myapp.com",
"iat": datetime.datetime.utcnow(),
"exp": datetime.datetime.utcnow() + datetime.timedelta(hours=1),
"role": "admin",
}
token = jwt.encode(payload, SECRET, algorithm="HS256")
print("Token:", token)
# Decode and verify a JWT
try:
decoded = jwt.decode(
token,
SECRET,
algorithms=["HS256"],
audience="https://api.myapp.com",
)
print("Subject:", decoded["sub"])
print("Role:", decoded["role"])
except jwt.ExpiredSignatureError:
print("Token has expired")
except jwt.InvalidTokenError as e:
print("Invalid token:", e)
# Decode without verification (inspect only β never trust for auth)
header = jwt.get_unverified_header(token)
print("Algorithm:", header["alg"])Comments & Feedback
Comments are powered by Giscus. Sign in with GitHub to leave a comment.