Notice: The JWT is not uploaded to the server; all encryption and decryption are done on the client side.
JWT is the abbreviation of JSON Web Token. It is the most popular cross-domain authentication solution and an open standard (RFC 7519) for securely transmitting information between parties as JSON objects.
A JWT consists of three basic parts: Header, Payload, and Signature. The Header includes the JWT type and the signature algorithm used. For example, the Header of a JWT using the HMAC SHA256 algorithm may be as follows:
{
"alg": "HS256",
"typ": "JWT"
}
alg is the signature algorithm. This Header is Base64Url encoded to form the first part of the JWT.
The Payload stores the actual data that needs to be transmitted. There are 7 official fields specified by JWT for selection:
The Signature part is a signature over the Header and Payload, used to verify the authenticity and integrity of the JWT. It is generated by computing a signature over the Base64Url-encoded Header and Payload with the specified signature algorithm and key. The signature is appended as the last part of the JWT so that any tampering during transmission can be detected.
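The three parts described above, built and checked by hand for HS256. This is an added example, not code from this tool; the function names, the key and the payload fields are constructed for illustration, and it uses only Node's built-in crypto module.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Base64Url-encoded HMAC-SHA256 over "<header>.<payload>", the signing input.
function signatureFor(signingInput, key) {
  return b64url(createHmac('sha256', key).update(signingInput).digest());
}

function signHS256(payload, key) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput =
    `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${signatureFor(signingInput, key)}`;
}

// Returns the payload object if the token verifies, otherwise null.
function verifyHS256(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Pin the algorithm instead of trusting the value in the token's own header.
  if (!header || header.alg !== 'HS256') return null;
  const expected = Buffer.from(signatureFor(`${h}.${p}`, key));
  const actual = Buffer.from(s);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (actual.length !== expected.length) return null;
  return timingSafeEqual(actual, expected) ? payload : null;
}

// Constructed sample values, not real credentials.
const KEY = 'constructed-demo-key';
const token = signHS256({ sub: 'user-1', admin: false }, KEY);

// The payload is only encoded, so it can be rewritten by anyone holding the
// token; without the key the signature no longer matches and verify fails.
function withModifiedPayload(tok) {
  const [h, , s] = tok.split('.');
  return `${h}.${b64url(JSON.stringify({ sub: 'user-1', admin: true }))}.${s}`;
}
```

Because the Header and Payload are readable by anyone who holds the token, secrets do not belong in the Payload; the signature only lets the verifier detect changes.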