Web Security
JWT Decoder & Verifier
Paste a JSON Web Token to decode the header, payload, and signature. Surfaces the security findings that matter — alg confusion, expiration, missing claims, weak algorithms — and optionally verifies the signature against a PEM public key or HMAC secret. Pure client-side; nothing leaves your browser.
Three dot-separated base64url segments. Decode is instant; signature verification is opt-in below.
Optional: verify the signature
Detected algorithm —. Paste the corresponding key to confirm the signature was produced by the expected issuer. Pure client-side via Web Crypto; nothing leaves the browser.
Paste a JWT above (or load a sample) to see its decoded structure.
Standard Claim Reference
Registered JWT and OIDC claims you'll see most often. Click any claim name to copy.
| Claim | Full name | Spec | Description |
|---|
Network & Security Architect
Need help on a network or security project?
I take consulting engagements for network design, segmentation, and security architecture reviews. Reach out to scope something — direct, or via Upwork.