JWT Decoder

Decode the header and payload of a JWT (JSON Web Token) and check its expiration status.

About JWT
Structure: Header.Payload.Signature
Note: This tool only decodes the token. It does not verify the signature.
What is a JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs can be signed using a secret (HMAC) or a public/private key pair (RSA/ECDSA). They're commonly used for authentication and information exchange in web applications.

Structure

A JWT consists of three parts separated by dots: Header (algorithm and token type), Payload (claims/data), and Signature (verification). Each part is Base64Url encoded. The signature ensures the token hasn't been tampered with, but the header and payload can be decoded by anyone.

Common Use Cases
  • User authentication and authorization
  • Single Sign-On (SSO) systems
  • API authentication
  • Secure information exchange between services
  • Stateless session management
Standard Claims
iss: Issuer - Who created and signed the token
sub: Subject - Who the token is about (usually user ID)
aud: Audience - Intended recipient of the token
exp: Expiration - Unix timestamp when token expires
iat: Issued At - Unix timestamp when token was created
Frequently Asked Questions

Are JWTs encrypted?

Standard JWTs (JWS) are signed but not encrypted - anyone can read the payload. For encrypted tokens, use JWE (JSON Web Encryption). Never store sensitive data in regular JWTs.

How do I invalidate a JWT?

JWTs are stateless by design and can't be directly invalidated. Common strategies include short expiration times, token blacklists, or changing the signing key (invalidates all tokens).