🔑 Paste your JWT
Supports HS256, RS256 and ES256 tokens. Signature verification is available only for HS256, using the shared secret.
🧩 JWT structure & common claims
A JSON Web Token consists of three parts separated by dots: Header.Payload.Signature
iss — Issuer
sub — Subject
aud — Audience
exp — Expiration (timestamp)
nbf — Not Before
iat — Issued At
jti — JWT ID
🔒 Security best practices
- Always validate signature (HS256/RS256) before trusting claims.
- Use short expiration (exp) and enforce nbf.
- Never store secrets in client-side code; use a secret for verification only.
- Use HTTPS; do not expose tokens in URLs.
- Rotate signing keys regularly.