JWT & JWE Debugger

Decode, verify, sign, encrypt, and decrypt JSON Web Tokens. Our JWT debugger helps you inspect JWT headers and claims, verify signatures, and convert tokens to/from encrypted JWE form.

Your data security is our top priority. All encoding, decoding, encryption and decryption happen in this browser. This tool does not store or send your JWT and JWE outside of the browser. See source code in: https://github.com/authgear/authgear-widget-jwt-debugger

Encode/Decode JWT
Quickly create and inspect JWTs. Paste a JWT to decode the header and payload, or craft your own for testing.
Sign & Verify JWT
Generate cryptographic signatures when creating JWTs, and verify existing JWT signatures to confirm token authenticity and integrity.
JWE Encryption
Encrypt any JWT into a JWE using a public key, ensuring data remains confidential during transmission.
JWE Decryption
Decrypt a JWE token to retrieve the original JWT—including the payload—for analysis.

How the JWT & JWE Debugger Works

Step 1.
Paste or Generate a JWT:
  • Input your JWT to see its decoded header and payload instantly.
  • The tool can verify the JWT’s signature to confirm authenticity and integrity, highlighting whether the token is valid or has been tampered with.
Step 2.
Verify signature (JWT verification):
  • Supply a JWK or JWKS (jwk format / jwks.json) or paste a PEM public key to verify a token’s signature and confirm integrity. The debugger shows kid, alg, and verification status.
Step 3.
Sign / Create a JWT:
  • Build a signed JWT by choosing an algorithm (RS256, ES256, HS256, etc.) and a signing key. This is useful for testing JWT authentication flows and experimenting with JWT best practices.
Step 4.
Encrypt JWT to JWE:
  • Encrypt a signed JWT into a JWE (JSON Web Encryption) using a public key to produce confidential tokens. Use JWE when you need payload confidentiality in addition to signature integrity. (See “JWE vs JWT” in our guide for when to use each.)
Step 5.
Decrypt JWE:
  • Paste a JWE and provide the private key to decrypt and retrieve the original JWT. The tool supports common JWE algorithms and shows header fields and enc parameters.
Step 6.
Inspect claims & debug:
  • View claims, check exp/iat/nbf logic, and see human-friendly warnings (expired, not yet valid). Use copy buttons to export tokens or keys for local testing.

What is a JWT (JSON Web Token)?

A JWT (JSON Web Token) is an open standard (RFC 7519) for transmitting information securely between parties as a compact, URL-safe JSON object. JWTs are widely used in authentication systems, enabling stateless session management and API security. A standard JWT has three parts:
  • Header: Specifies the token type (typ) and the signing algorithm (alg).
  • Payload: Contains claims—statements about the user and additional metadata.
  • Signature: Verifies that the sender of the JWT is who it says it is and ensures the message wasn’t changed along the way.
Common Use Cases:
  • User authentication and single sign-on (SSO)
  • Secure API authentication and authorization
  • Information exchange between applications
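
An added example, not code from the Authgear debugger: the decode, signature-verify and exp/nbf checks described on this page, written with the Python standard library for HS256 only. The function names, the sample key and the sample claims are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign_hs256(claims, key):
    # Helper used to build a test token: header.payload.signature
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, claims))
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)

def inspect_hs256(token, key, now=None):
    """Decode a compact JWT, verify its HS256 signature, and check exp/nbf."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWT has exactly three dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    warnings = []
    # The verifier pins the algorithm. The header's alg is only compared to it,
    # so a token claiming "none" or a different alg is never reported as valid.
    valid = header.get("alg") == "HS256"
    if not valid:
        warnings.append("unexpected alg: %r" % header.get("alg"))
    else:
        expected = hmac.new(key, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
        valid = hmac.compare_digest(expected, b64url_decode(parts[2]))  # constant-time
        if not valid:
            warnings.append("signature mismatch")
    if "exp" in payload and now >= payload["exp"]:
        warnings.append("expired")
    if "nbf" in payload and now < payload["nbf"]:
        warnings.append("not yet valid")
    return {"header": header, "payload": payload, "signature_valid": valid, "warnings": warnings}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    token = sign_hs256({"sub": "alice", "nbf": 1000, "exp": 2000}, key)  # constructed claims
    print(inspect_hs256(token, key, now=1500))
```

Header and payload are decoded even when the signature check fails, which matches how a debugger displays a token; an application should use the claims only when `signature_valid` is true and `warnings` is empty.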

What is a JWE (JSON Web Encryption)?

A JWE (JSON Web Encryption) is another open standard (RFC 7516) for encrypting content, providing confidentiality for transmitted information. JWE wraps content—such as a signed JWT—in an encrypted format that only intended parties can decrypt and read. A standard JWE structure:
  • Protected Header
  • Encrypted Key
  • Initialization Vector
  • Ciphertext (the actual encrypted content)
  • Authentication Tag
Common Use Cases:
  • Protect sensitive JWT payloads in transit
  • Secure confidential data exchange between services
  • Layer additional security on top of standard JWTs
