← cd /
> JWT Decoder
// Decode and inspect JSON Web Token payloads and headers
How JWT Validation Works
1.
Split — The token is split into three Base64Url-encoded parts: header, payload, and signature.
2.
Decode — The header and payload are Base64Url-decoded to reveal their JSON content.
3.
Verify Signature — Using the algorithm from the header and the appropriate secret/key, the signature is recomputed and compared.
4.
Check Claims — Standard claims like exp (expiration), nbf (not before), and iss (issuer) are validated.
5.
Trust — Only if all checks pass should the token's payload be trusted.
⚠ This decoder does NOT verify signatures. Use a backend library (e.g., jsonwebtoken, jose) for production validation.