JWT Decode / Verify

Decode JWT header and payload locally in the browser, verify HS256 / HS384 / HS512 signatures, and check common claims like exp, nbf, iss, aud, and sub.

JWT Decode / Verify Tool

The JWT decode / verify tool parses JSON Web Token header and payload locally in the browser, verifies common HS256, HS384, and HS512 signatures, and checks basic claims such as exp, nbf, iat, iss, aud, and sub, which makes it useful for auth debugging and token validation workflows.

How do you use it?

  1. Paste the full three-part JWT.
  2. Review the decoded header and payload.
  3. If you need signature verification, enter the secret and choose an algorithm or use auto detection.
  4. If you need claim validation, fill in expected issuer, audience, subject, or clock skew and run the check.

Features

  • Decodes JWT header and payload locally
  • Verifies HS256, HS384, and HS512 signatures
  • Checks basic exp, nbf, iat, iss, aud, and sub claims

Why use this tool?

  • Useful for checking whether frontend and backend JWT secrets, algorithms, and claims match
  • Helpful for investigating expired tokens, not-before timing, and issuer / audience mismatches
  • Saves you from writing one-off JWT decode and verification scripts

Related Security Tools

Hash Generator

Generate MD5, SHA-1, SHA-256 and other hashes.

Enhanced Hash Generator

Generate MD5 and SHA-family hashes in the browser with HEX, Base64, SRI output, and expected digest verification for text or files.

HMAC Generator

Generate HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in the browser for text or files, with HEX, Base64, and expected signature verification.

SRI Hash Generator

Generate SHA-256, SHA-384, and SHA-512 Subresource Integrity values in the browser for text or files, and build ready-to-use integrity HTML snippets.

PBKDF2 Key Derivation

Derive PBKDF2 keys in the browser from a password, salt, hash algorithm, iteration count, and output length, with HEX and Base64 output.

Scrypt Key Derivation

Derive scrypt keys in the browser from a password, salt, N, r, p, and output length, with HEX and Base64 output.

bcrypt Password Hash

Generate salted bcrypt password hashes in the browser from a password and cost rounds, with copy and download support.

bcrypt Verifier

Verify in the browser whether a password matches a bcrypt hash, with instant local compare results.

Argon2 Password Hash

Generate standard encoded Argon2 password hashes in the browser from a password, salt, algorithm, iterations, memory size, and parallelism.

Argon2 Verifier

Verify in the browser whether a password matches an encoded Argon2 hash, with optional secret / pepper support.

密码强度检测

本地 password-strength-checker 思路,在浏览器本地通过 zxcvbn 等算法实时分析密码强度、破解耗时与改进建议。

AES Encrypt / Decrypt

Encrypt or decrypt text in the browser with AES-GCM, AES-CBC, or AES-CTR using a password-derived key or a raw hex key.

JWT 签名

本地 JWT 签名思路,在浏览器本地生成签名 Token。

Basic Auth Generator

Generate HTTP Basic Authorization headers from a username and password locally in the browser.

Basic Auth Decoder

Decode HTTP Basic Authorization headers locally in the browser and extract the username and password.

Cookie Parser

Parse Cookie and Set-Cookie headers locally in the browser and output structured JSON.