JWT Debugger

Decode payloads and verify HMAC signatures in real-time.

Invalid Signature
Paste a JWT to begin analysis

Security and Technical Details

Privacy & Security

Your keys and tokens stay in your browser. Verification is handled via the Web Crypto API, ensuring no sensitive data is transmitted over the network.

HMAC Verification

Currently supports HS256. Enter the shared secret to confirm if the signature matches the header and payload, a critical check for ensuring data integrity.