How to Debug JWT Tokens Step by Step
JWT tokens contain encoded claims that can be decoded and inspected. Learn how to decode, verify, and troubleshoot JWT authentication issues.
Key Takeaways
- A JWT consists of three Base64URL-encoded parts separated by dots: header, payload, and signature.
- JWT payloads are encoded, not encrypted.
- Token expired**: The `exp` claim is in the past. Check server-client time sync.
- Never paste production JWT tokens into online decoders β they contain sensitive user data.
- JWT `exp` is a Unix timestamp in seconds.
Hash Generator
Generate SHA-1, SHA-256, SHA-384, SHA-512 hashes from text
JWT Structure
A JWT consists of three Base64URL-encoded parts separated by dots: header, payload, and signature. The header specifies the algorithm. The payload contains claims (user data, expiration, permissions). The signature verifies integrity.
Decoding Without Verification
JWT payloads are encoded, not encrypted. You can decode the header and payload without the secret key. This is useful for debugging β inspect the claims, check expiration times, and verify the token structure.
Common JWT Problems
- Token expired: The
expclaim is in the past. Check server-client time sync. - Invalid signature: The token was modified or signed with a different key.
- Missing claims: Required fields like
sub,iss, oraudare absent. - Wrong algorithm: The server expects RS256 but the token uses HS256.
Security Considerations
Never paste production JWT tokens into online decoders β they contain sensitive user data. Use client-side tools that decode tokens in the browser without sending data to any server.
Expiration Management
JWT exp is a Unix timestamp in seconds. A common mistake is using milliseconds, which makes the token expire thousands of years in the future. Always verify the timestamp format matches your JWT library's expectations.
κ΄λ ¨ λꡬ
κ΄λ ¨ ν¬λ§·
κ΄λ ¨ κ°μ΄λ
JSON vs YAML vs TOML: Choosing a Configuration Format
Configuration files are the backbone of modern applications. JSON, YAML, and TOML each offer different trade-offs between readability, complexity, and tooling support that affect your development workflow.
How to Format and Validate JSON Data
Malformed JSON causes silent failures in APIs and configuration files. Learn how to format, validate, and debug JSON documents to prevent integration errors and improve readability.
Base64 Encoding: How It Works and When to Use It
Base64 converts binary data into ASCII text, making it safe for transmission through text-based systems. Learn when Base64 is the right choice and when alternatives like hex encoding or URL encoding are more appropriate.
Best Practices for Working with Unix Timestamps
Unix timestamps provide a language-agnostic way to represent points in time, but they come with pitfalls around time zones, precision, and the 2038 problem. This guide covers best practices for storing and converting timestamps.
Troubleshooting JWT Token Issues
JSON Web Tokens are widely used for authentication but can be frustrating to debug. This guide covers common JWT problems including expiration errors, signature mismatches, and payload decoding issues.