JWT Decoder

What is a JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and information exchange in web development.

JWTs are digitally signed using a secret key (with HMAC algorithm) or a public/private key pair (using RSA or ECDSA), ensuring that the information contained within cannot be altered after the token is issued without detection.

JWT Structure

A JWT consists of three parts separated by dots (.):

• Header

  Contains the token type ("JWT") and the signing algorithm being used (e.g., HMAC SHA256 or RSA).

• Payload

  Contains the claims or assertions about an entity (typically the user) and additional metadata. Common claims include subject (sub), issued at time (iat), expiration time (exp), and issuer (iss).

• Signature

  Created by signing the encoded header, encoded payload, and a secret key using the algorithm specified in the header. The signature verifies that the message wasn't changed and, in the case of tokens signed with a private key, it also verifies the sender of the JWT.

Common JWT Use Cases

• Authentication: After a user logs in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources permitted with that token.

• Information Exchange: JWTs can securely transmit information between parties, as the signature ensures the sender is who they claim to be and the information hasn't been tampered with.

• Authorization: Once a user is logged in, an application can allow or deny access to specific features based on the user's role or permissions included in the JWT payload.

• Federated Identity: JWTs are used in single sign-on (SSO) scenarios where a service provider can verify a user's identity based on a token issued by an identity provider.