Paste a JSON Web Token below to instantly decode and inspect its header, payload, and signature. All standard claims are labeled with explanations, timestamps are converted to readable dates, and expired tokens show exactly how long ago they expired.
Pro tip: JWTs are Base64-encoded, not encrypted. Anyone can read the payload — never store sensitive data in a JWT without additional encryption.
Paste a second JWT to see payload differences highlighted.
What Is a JSON Web Token (JWT)?
A JWT is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three Base64URL-encoded parts separated by dots: the header (algorithm and token type), the payload (claims and data), and the signature (verification that the token hasn’t been tampered with).
Standard JWT Claims
The JWT specification defines seven standard claims: iss (issuer),
sub (subject), aud (audience), exp (expiration),
nbf (not before), iat (issued at), and jti
(JWT ID). These are all optional but widely used for authentication and authorization
workflows.
HS256 vs RS256
HS256 uses a shared secret key for both signing and verification — both the issuer and verifier need the same key. RS256 uses an asymmetric key pair: a private key for signing and a public key for verification. RS256 is more secure for distributed systems because you never need to share the private key.
JWT Security Best Practices
Never store sensitive data in JWTs — they are encoded, not encrypted. Always
set reasonable expiration times (15 minutes for access tokens, days for refresh tokens).
Validate all claims on the server, especially exp, iss, and
aud. Use HTTPS to prevent token interception, and implement token refresh
rotation to limit the damage of stolen tokens.
JWT Expiration and Clock Skew
Three time-based claims govern a JWT’s validity window. The exp
(expiration) claim sets the timestamp after which the token must be rejected. The
iat (issued at) claim records when the token was created, which is useful
for auditing and detecting tokens that were issued unusually far in the past. The
nbf (not before) claim specifies the earliest time the token is valid,
allowing tokens to be issued ahead of time for scheduled access. Servers validating
these claims typically allow a small clock skew — usually 30 to 60 seconds —
to account for minor differences between server clocks in distributed systems. One often
overlooked risk is long-lived tokens: a refresh token valid for 90 days gives an attacker
a large window if the token is ever stolen, so pairing long expiration with token rotation
and revocation lists is strongly recommended.
Common JWT Vulnerabilities and How to Avoid Them
The alg: none attack is one of the most well-known JWT vulnerabilities: a
malicious actor crafts a token that sets the algorithm header to none,
effectively removing the signature requirement. Any library that blindly trusts the
algorithm value in the header will accept these unsigned tokens as valid. Always enforce
a strict allowlist of accepted algorithms on your server and never derive the verification
algorithm from the token itself. A subtler attack targets RS256 implementations: if a
server accepts both HS256 and RS256, an attacker can take the RS256 public key (which is
often publicly distributed), use it as an HS256 secret to sign a forged token, and trick
a misconfigured server into accepting it. Finally, remember that JWTs are only
Base64URL-encoded — not encrypted. Any claim in the payload is readable by anyone
who holds the token, so fields like passwords, credit card numbers, or other secrets must
never appear in a JWT without an additional encryption layer (JWE).
When investigating a JWT, the Base64 & Encoding Toolkit lets you manually decode individual token segments and experiment with encoding schemes. To verify HMAC signatures or check the integrity of API payloads outside of a full JWT flow, the Hash Generator provides SHA-256 and HMAC-SHA utilities that pair naturally with JWT inspection work.
Frequently Asked Questions
Is a JWT encrypted?
No. A standard JWT (RFC 7519) is Base64URL-encoded but not encrypted, so anyone with the token can read the payload. If you need confidentiality, use JWE (RFC 7516) which wraps a JWT in an encrypted envelope.
What is the difference between HS256 and RS256?
HS256 uses HMAC with a shared symmetric secret, so both parties need the same key to sign and verify. RS256 uses RSA asymmetric keys, so only the issuer has the private key while consumers verify with the public key. RS256 is preferred for distributed systems where you do not want to share secrets.
Why should I avoid putting sensitive data in a JWT?
Because the payload is readable by anyone who intercepts the token. Never place passwords, personal identifiers beyond a user ID, or API secrets in a JWT. Store those server-side and reference them via a minimal subject claim.
How do I safely refresh an expired JWT?
The common pattern is a short-lived access token paired with a longer-lived refresh token stored in an HttpOnly secure cookie. When exp passes, the client exchanges the refresh token for a new access token. This is described in OAuth 2.0 RFC 6749 section 6.
Is the alg: none vulnerability still a risk?
It can be if libraries are misconfigured. The alg: none attack lets a forged token pass verification if the server accepts unsigned tokens. Always whitelist acceptable algorithms when calling your JWT library and never let the token itself choose the verification algorithm.