Decode the header and payload of a JWT (JSON Web Token) and check whether it has expired.
JSON Web Token (JWT) is an open standard (RFC 7519) for representing claims between parties as a compact, URL-safe JSON object. JWTs are normally signed, either with a shared secret (HMAC) or with a public/private key pair (RSA, ECDSA or EdDSA). They're commonly used for authentication and information exchange in web applications.
A JWT consists of three parts separated by dots: Header (algorithm and token type), Payload (claims), and Signature (computed over the first two parts). Each part is Base64Url encoded without padding. A valid signature shows the token was not modified after signing, but it hides nothing: the header and payload are only encoded, not encrypted, so anyone holding the token can read them. The reverse also matters: decoding a token tells you what it claims, not whether those claims can be trusted. Only a successful signature check against a key you control, with the algorithm pinned by the verifier rather than taken from the token's own header, does that.
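The following is an added example, not code from the original page: a minimal Python decoder that splits a compact JWS, restores the Base64Url padding that JWTs omit, parses the header and payload, and classifies the token by its exp and nbf claims. To show the difference between decoding and trusting, it also contains an HS256 verifier with the algorithm pinned, and a small signing helper that builds a constructed demo token so the example runs offline. The secret, subject and timestamps are made up for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret for this example only; not a real credential.
DEMO_SECRET = b"example-hs256-secret-not-for-production"


def b64url_decode(segment: str) -> bytes:
    """Base64url-decode one JWT segment, restoring the '=' padding JWTs omit."""
    segment = segment.strip()
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    """Base64url-encode without padding, as the JWS compact form requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt(token: str) -> dict:
    """Decode header and payload WITHOUT verifying the signature.

    Anyone holding the token can do this: base64url is an encoding, not
    encryption, so nothing returned here should be trusted on its own.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments (JWS compact form)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return {"header": header, "payload": payload, "signature_b64url": parts[2]}


def expiry_status(payload: dict, now=None, leeway: int = 0) -> str:
    """Classify a token by its exp / nbf claims (NumericDate, seconds since epoch).

    RFC 7519 requires the current time to be strictly before exp, so a token
    whose exp equals the current second is already expired. 'leeway' allows
    for clock skew between issuer and verifier.
    """
    now = int(time.time()) if now is None else now
    exp = payload.get("exp")
    nbf = payload.get("nbf")
    if exp is None:
        return "no-exp"           # never expires; usually a policy problem
    if nbf is not None and now + leeway < nbf:
        return "not-yet-valid"
    if now - leeway >= exp:
        return "expired"
    return "valid"


def verify_hs256(token: str, secret: bytes) -> bool:
    """Verify an HS256 signature. Decoding proves nothing; this does."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm. Letting the token's own header choose it is how
    # 'alg':'none' and key-confusion bugs happen.
    if header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def make_hs256_token(payload: dict, secret: bytes) -> str:
    """Build a demo HS256 token so the example has constructed input to run on."""
    header = {"alg": "HS256", "typ": "JWT"}
    header_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


if __name__ == "__main__":
    # Constructed claims: issued at a fixed instant, valid for one hour.
    issued = 1_700_000_000
    token = make_hs256_token({"sub": "alice", "iat": issued, "exp": issued + 3600}, DEMO_SECRET)
    decoded = decode_jwt(token)
    print("header :", decoded["header"])
    print("payload:", decoded["payload"])
    print("status at issue   :", expiry_status(decoded["payload"], now=issued))
    print("status an hour on :", expiry_status(decoded["payload"], now=issued + 3600))
    print("signature valid   :", verify_hs256(token, DEMO_SECRET))

    # Same header and signature, edited payload: still decodes, no longer verifies.
    h, _, s = token.split(".")
    forged_payload = b64url_encode(json.dumps({"sub": "admin", "exp": issued + 3600}).encode())
    forged = f"{h}.{forged_payload}.{s}"
    print("forged decodes as :", decode_jwt(forged)["payload"]["sub"])
    print("forged verifies   :", verify_hs256(forged, DEMO_SECRET))
```

decode_jwt and expiry_status together are what a decoder tool like the one described above does; verify_hs256 is what the relying party must do before acting on any claim. Keep the two separate in your own code so a "decoded fine" path can never be mistaken for "verified".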
Standard JWTs (JWS) are signed but not encrypted: anyone who obtains the token can read the payload. For tokens whose contents must stay confidential, use JWE (JSON Web Encryption). Never put secrets, passwords or other sensitive data in a regular JWT.
A signed JWT is self-contained, so the verifier has nothing to revoke: once issued, it stays valid until its exp claim passes. Common mitigations are short expiration times combined with refresh tokens, a server-side denylist of revoked tokens (for example keyed on the jti claim), or rotating the signing key, which invalidates every outstanding token at once.