JWT Validator

Decode a token and verify its signature.

Token
Verify signature
HeadereyJhbGciOiJIUzI1NiIsInR5cCI6…
.
PayloadeyJzdWIiOiIxMjM0NTY3ODkwIiwi…
.
Signaturenmm0qepYRjhNji3O-jq8Pvcr7l_m…
Header
Payload

JWT Validator & Signature Verification

A JSON Web Token (JWT) is only secure if its cryptographic signature is valid. Our JWT Validator lets you paste any JWT alongside its secret or public key to verify that the token has not been tampered with and is cryptographically secure.

Zero Data Tracking: All cryptographic validations are performed securely inside your browser using the Web Crypto API. We never log or transmit your tokens or secrets.

Core Features

  • Local Signature VerificationSupport for verifying HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, and ES512 signatures without server calls.
  • Expiration ChecksAutomatically checks the exp (Expiration Time) and nbf (Not Before) claims to ensure the token is currently active.
  • Detailed Error ReportingPinpoints exactly why a token failed validation—whether it's an invalid signature, expired token, or malformed structure.

Example

Input (Raw JWT)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Signature Verified
The token is valid and active. The signature was successfully verified using the provided secret key.

Related Tools

Categories

Quick Tips

  • Never expose your secret keys in client-side code or public repositories.
  • Use asymmetric keys (RS256) if you need multiple services to verify a token without being able to sign one.
  • Always ensure your server verifies the JWT signature before returning sensitive data.