alltools.one

JWT Encoder

Validate JSON Web Tokens with real-time processing and security checks

🔒 Local processing: your data never leaves your device

Features

Professional Tools

Token Decoding

Paste any JWT and instantly see the decoded header, payload, and signature with color-coded display

Algorithm Support

Supports HMAC (HS256/384/512), RSA (RS256/384/512), ECDSA (ES256/384/512), and PSS algorithms

Expiration Checking

Automatically detects and displays token expiration status with time remaining or time since expiry

Claims Analysis

Displays all standard claims (iss, sub, aud, exp, iat) and custom claims with human-readable labels

Token Encoding

Create new JWT tokens with custom headers, payloads, and secrets for testing and development

Privacy First

All token processing happens in your browser — your secrets and tokens are never sent to any server

Frequently Asked Questions

What is a JWT and what are its three parts?

A JWT (JSON Web Token) is a compact token format used for authentication. It has three Base64URL-encoded parts separated by dots: the header (algorithm and type), the payload (claims like user ID and expiration), and the signature (cryptographic proof the token hasn't been tampered with).

Is it safe to decode production JWTs here?

Yes. All decoding happens locally in your browser — no data is sent to any server. However, remember that JWT payloads are only Base64-encoded, not encrypted. Anyone with the token can read the payload, so never put secrets in JWT claims.

What's the difference between HS256 and RS256?

HS256 uses a shared secret key (symmetric) — both the creator and verifier need the same secret. RS256 uses a public/private key pair (asymmetric) — the creator signs with a private key and anyone can verify with the public key. Use RS256 for public APIs.

How do I check if a JWT is expired?

Paste the token and our tool automatically reads the 'exp' claim and compares it to the current time. It shows whether the token is valid, expired, or has no expiration set, along with the exact time remaining or elapsed.

Can I create JWTs for testing?

Yes. Enter a custom header and payload, provide a secret, and the tool generates a signed JWT. This is useful for testing API authentication locally, creating mock tokens for development, and learning how JWT signing works.

Why shouldn't I put sensitive data in a JWT?

JWT payloads are Base64-encoded, not encrypted — anyone with the token can decode and read the contents. Store only non-sensitive identifiers (user ID, roles, expiration) in JWTs. Keep sensitive data server-side and reference it by ID.
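
The three-part decoding and the 'exp' check described in the answers above, as an added JavaScript example (not the tool's own code). The function names, the sample token and the fixed clock value are constructed for illustration; the code decodes only and does not verify the signature.

```javascript
// Added example, not the tool's own code. Decoding does NOT verify the
// signature, so every decoded value must be treated as untrusted input.
function b64urlDecode(part) {
  if (!/^[A-Za-z0-9_-]+$/.test(part)) throw new Error('invalid Base64URL');
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

function b64urlEncode(text) {
  const bin = String.fromCharCode(...new TextEncoder().encode(text));
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const [header, payload] = parts.slice(0, 2).map((p) => JSON.parse(b64urlDecode(p)));
  if (payload === null || typeof payload !== 'object') {
    throw new Error('payload is not a JSON object');
  }
  return { header, payload, signature: parts[2] };
}

// 'exp' is seconds since the Unix epoch; a token is expired once the
// current time is on or after it.
function expiryStatus(payload, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!('exp' in payload)) return { state: 'no-expiration', seconds: null };
  if (typeof payload.exp !== 'number' || !Number.isFinite(payload.exp)) {
    throw new Error('exp must be a number of seconds since the epoch');
  }
  return payload.exp > nowSeconds
    ? { state: 'valid', seconds: payload.exp - nowSeconds }
    : { state: 'expired', seconds: nowSeconds - payload.exp };
}

// Constructed sample: fixed clock and a placeholder (invalid) signature.
const NOW = 1700000000;
const sampleToken = [
  b64urlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' })),
  b64urlEncode(JSON.stringify({ sub: 'user-123', iat: NOW - 3600, exp: NOW + 300 })),
  'constructed-signature-not-valid',
].join('.');
console.log(decodeJwt(sampleToken), expiryStatus(decodeJwt(sampleToken).payload, NOW));
```

Anyone holding the token can run the same decoding, which is why the payload should carry only non-sensitive identifiers.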
