JWT Decoder & Verifier

Decode JWS or JWE, verify signatures, check claims — all in your browser.

What this tool does

The JWT Decoder & Verifier opens any JWS (3-segment) or JWE (5-segment) compact token in your browser — no network, no upload. The header and payload appear with claim-by-claim explanations sourced from the JOSE RFCs; the warning engine catches alg=none, expired tokens, weak HMAC keys, and other documented footguns; verification supports HMAC, RSA, EC, and EdDSA signatures, and JWE decryption with the matching private key.

How to use it

Paste a token or pick a sample. The header + payload appear immediately. For verification, paste the key into the Verify pane — PEM, JWK, or raw HMAC are auto-detected.

Input: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Output: {"alg":"HS256","typ":"JWT"} · {"sub":"1234567890"} · Signature valid (with the bundled HS256 sample key).

Limits and edge cases

  • Tokens never leave your browser; WebCrypto runs every operation locally.
  • Maximum token size: 100 KB. Anything larger is refused.
  • No JWKS auto-fetch — paste the JWK directly. kid mismatch is reported.
  • alg=none is decoded but never trusted (RFC 8725 §3.1).
  • Supported JWS: HS256/384/512, RS256/384/512, ES256/384/512, PS256/384/512, EdDSA. JWE alg: RSA-OAEP, RSA-OAEP-256, A128/192/256KW, A128/192/256GCMKW, ECDH-ES, ECDH-ES+A128/192/256KW, dir. JWE enc: A128/192/256GCM, A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
  • Clock skew tolerance for exp/nbf/iat: 5 seconds.

Frequently asked questions

Is my JWT sent to a server?
No — every operation runs in your browser via the WebCrypto API. The route loader only returns the page locale.
Why is alg=none refused?
Because trusting alg=none has caused real attacks (Auth0 2015 and many since). RFC 8725 §3.1 specifies that implementations MUST reject it.
What key formats do you accept?
PEM (PKCS#8 / SPKI), JWK, and raw HMAC secrets (UTF-8 string / hex / base64). Format is auto-detected; the detected type is shown beside the input.
Can you verify against a JWKS endpoint?
Not in v1 — paste the JWK directly. Auto-fetch would mean outbound network from a tool that promises local-only operation; we may add it later behind an explicit toggle.
How are expired tokens handled?
They decode and verify normally; a yellow warning notes the expiry delta. The signature is still cryptographically valid — the warning is about freshness, not validity.
What's the difference between JWS and JWE?
JWS proves who signed (3 dot-separated segments, plaintext payload). JWE protects what (5 segments, encrypted ciphertext). JWS = integrity; JWE = confidentiality.
Why do you warn about CBC-HS modes?
Authenticated AES-GCM detects tampering as part of the cipher. CBC-HMAC requires more care to implement correctly and has been a source of real bugs in JOSE libraries.
Can I generate a JWT here?
Not in v1 — this tool is decode/verify-only. Generator mode is on the roadmap.