JWT Decoder & Generator guide
JWT Decoder & Generator Description
A secure tool to decode, verify, and generate JSON Web Tokens (JWT). Inspect headers and payloads with automatic timestamp conversion.
Features
Three-Part Visualization: Color-coded view of Header, Payload, and Signature.
Interactive Table View: View payload data in a clean table with human-readable dates for
iat and exp.Signature Verification: Supports HS (HMAC) signature validation with a user-provided secret.
JWT Generation: Create new tokens by editing JSON and signing with various algorithms.
How to Use
1
Decode: Paste your encoded JWT into the input field to see it instantly disassembled.
2
Generate: Switch to 'Generate' mode, edit the JSON fields, and enter a secret key.
3
Click the Example (Demo) button to see a pre-filled token and its decoded components.
4
Use the Verify feature to check if a token matches the provided secret.
FAQ
Q. Is my token sent to a server?
No. All decoding and verification happen locally in your browser to ensure security.
Q. Which algorithms are supported?
It supports HS256/384/512 for verification and multiple algorithms for structure inspection.
Use Cases
- Auth Debugging: Checking the expiration time and claims of a login token to fix 'Unauthorized' errors.
- Development: Generating mock JWTs for local API testing without running a backend service.
- Security Audit: Manually inspecting the headers of a token for insecure configurations.
Technical Deep Dive
A JWT consists of three Base64Url-encoded parts: Header (alg/typ), Payload (claims), and Signature. This tool uses browser-native crypto APIs for secure generation and verification.
Limitations
- Verification of asymmetric algorithms (RS/ES) is currently for inspection only; actual signature validation requires the public key in a specific format.
3M
Reviewed by Tool3M Editorial Team
Updated April 25, 2026