JWT Debugger
Decode and inspect JSON Web Tokens. Visualize the header, payload, and signature. All processing happens locally in your browser.
Understanding JWTs
JSON Web Tokens (JWT) are a compact, URL-safe way to represent claims between two parties. They consist of three parts separated by dots, each serving a specific purpose in authentication and authorization flows.
Header
Contains metadata about the token type and the signing algorithm being used (e.g., HS256, RS256).
Payload
Contains the claims—statements about the user and additional metadata like expiration time.
Signature
Ensures the token hasn't been altered. Created by signing the header and payload with a secret.
Standard Claims
issIssuerWho issued the tokensubSubjectWho the token is about (usually user ID)audAudienceWho the token is intended forexpExpirationWhen the token expires (Unix timestamp)iatIssued AtWhen the token was creatednbfNot BeforeToken not valid before this timeBuilding authentication?
Stack0 provides secure, scalable authentication with JWT tokens out of the box. Session management, token refresh, and organization support included.
Get started with Stack0 Auth→