Question 1

What is JWT?

Accepted Answer

JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. It's digitally signed, so the information can be verified and trusted.

Question 2

What are the three parts of a JWT?

Accepted Answer

A JWT consists of three parts separated by dots: Header (algorithm and token type), Payload (claims/data), and Signature (verification). Each part is Base64URL encoded.

Question 3

Is JWT secure?

Accepted Answer

JWT is secure when used correctly. The signature ensures the token hasn't been tampered with. However, the payload is only encoded (not encrypted), so sensitive data should not be stored in the payload without additional encryption.

Question 4

What's the difference between HS256 and RS256?

Accepted Answer

HS256 uses a symmetric secret key for signing and verification. RS256 uses an asymmetric key pair (private key to sign, public key to verify). RS256 is preferred when the verifier shouldn't have the signing key.

Question 5

Can I verify the signature here?

Accepted Answer

This tool only decodes the JWT to show its contents. Signature verification requires the secret key (HS256) or public key (RS256), which is not performed client-side for security reasons.

Question 6

What does 'exp' claim mean?

Accepted Answer

The 'exp' (expiration time) claim identifies the expiration time after which the JWT must not be accepted. It's a Unix timestamp in seconds. This tool shows if your token is expired.

JWT Decoder

How to use

What is JWT?

Structure

Format

Common Use Cases

Authentication

API Authorization

Single Sign-On

Mobile Apps

Information Exchange

Microservices

Frequently Asked Questions

What is JWT?

What are the three parts of a JWT?

Is JWT secure?

What's the difference between HS256 and RS256?

Can I verify the signature here?

What does 'exp' claim mean?

Related Tools

Base64 Encoder/Decoder

JSON Formatter

Hash Generator