فك تشفير JWT
JSON Web Tokens (JWT) are the standard authentication mechanism for modern APIs and SPAs. A JWT looks like an opaque string of characters, but it encodes three Base64url-decoded parts: header (algorithm), payload (claims), and signature. Our decoder lets you inspect the payload instantly — essential for debugging auth issues — without needing to know the secret key.
الرأس
الحمولة
التوقيع
حول JWT Decoder
JSON Web Tokens (JWT) are the standard authentication mechanism for modern APIs and SPAs. A JWT looks like an opaque string of characters, but it encodes three Base64url-decoded parts: header (algorithm), payload (claims), and signature. Our decoder lets you inspect the payload instantly — essential for debugging auth issues — without needing to know the secret key.
كيفية الاستخدام
- Paste any JWT (the three-part dot-separated string).
- See the decoded header (algorithm, token type) and payload (claims, expiry).
- Check expiration: the tool shows whether the token is expired and how long until expiry.
- View all standard claims (sub, iss, aud, exp, iat, nbf) with human-readable timestamps.
الصيغة والمنهجية
JWT structure: Base64url(header).Base64url(payload).Base64url(signature). Signature = HMAC-SHA256(base64url(header) + "." + base64url(payload), secret). Base64url differs from Base64: uses - instead of +, _ instead of /, no padding (=). The payload is NOT encrypted — only signed. Anyone can decode and read the claims.
حالات الاستخدام الشائعة
- Debugging auth issues: checking if claims are correct, token is expired
- API development: verifying the right claims are included in tokens
- Security audit: ensuring sensitive data is not embedded in JWT payload
- Learning: understanding the structure of OAuth 2.0 and OIDC tokens
- Testing: comparing tokens from different environments
الأسئلة الشائعة
أدوات ذات صلة
كل الأدوات →دمج هذه الأداة في موقعك
مجاني للاستخدام الشخصي والتجاري. فقط انسخ الكود أدناه.