How to Inspect a JWT Token
Detailed guide on using the JWT Decoder.
How to Inspect a JWT Token
The JWT Decoder makes it easy to inspect and understand any JWT token.
Step 1: Paste Your Token
Paste your JWT into the input area. The decoder automatically splits it into three parts:
- Header (shown in rose) — algorithm and token metadata
- Payload (shown in violet) — the claims and data
- Signature (shown in blue) — the cryptographic signature
Step 2: Read the Results
The inspection panel shows you the decoded JSON of both header and payload, making it easy to read the token content without manually base64-decoding each part.
Step 3: Verify the Signature (Optional)
If you have the signing secret or public key, paste it into the key input field. The decoder will verify the token's signature and report whether it's valid.
Tips for Inspection
- Check the algorithm — Make sure the
algin the header matches what you expect - Check expiration — Look for the
expclaim to see if the token is still valid - Check the issuer — Verify the
issclaim matches the expected issuer - Watch for "none" — Tokens with
alg: "none"have no signature and should be treated with extreme caution