JWT-Inspektor
JSON Web Tokens dekodieren und Header, Payload und Signatur untersuchen.⌘⏎ run · ⇧⌘C copy · ⎋ resetINPUTErwarteter Algorithmus
Feld erscheint nur bei HMAC-Algorithmen.
OUTPUT
❯ _Operation ausführen, um Ergebnisse hier zu sehen.then press ⌘⏎
ADSponsored
What is JWT-Inspektor?
The JWT Inspector splits a JSON Web Token into its header, payload and signature, base64url-decodes the parts and shows every claim in readable form with humanized timestamps. Decoding happens entirely in your browser, so it is safe to inspect real tokens — nothing is transmitted. It is the fastest way to see what is inside a token when debugging auth.
How to use it
- 01Paste the full token (header.payload.signature).
- 02Read the decoded header and payload claims.
- 03Check iat/exp/nbf, shown as real dates.
FAQ
Is it safe to paste a real token?
Yes — decoding is local to your browser. Still avoid sharing a permalink of a live token.
Does it verify the signature?
It decodes and shows the claims; verifying requires the signing secret or public key.
What does "exp" mean?
The expiry time — after it, the token should be rejected. It is shown as a human-readable date.
Beispiele
Decode the default token{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFseSIsImlhdCI6MTcxMjUwMDAwMH0.x"
}