How to Debug JWT Tokens Step by Step
JWT tokens contain encoded claims that can be decoded and inspected. Learn how to decode, verify, and troubleshoot JWT authentication issues.
Key Takeaways
- A JWT consists of three Base64URL-encoded parts separated by dots: header, payload, and signature.
- JWT payloads are encoded, not encrypted.
- Token expired: The `exp` claim is in the past. Check server-client time sync.
- Never paste production JWT tokens into online decoders — they contain sensitive user data.
- JWT `exp` is a Unix timestamp in seconds.
JWT Structure
A JWT consists of three Base64URL-encoded parts separated by dots: header, payload, and signature. The header specifies the algorithm. The payload contains claims (user data, expiration, permissions). The signature verifies integrity.
Decoding Without Verification
JWT payloads are encoded, not encrypted. You can decode the header and payload without the secret key. This is useful for debugging — inspect the claims, check expiration times, and verify the token structure.
Common JWT Problems
- Token expired: The `exp` claim is in the past. Check server-client time sync.
- Invalid signature: The token was modified or signed with a different key.
- Missing claims: Required fields like `sub`, `iss`, or `aud` are absent.
- Wrong algorithm: The server expects RS256 but the token uses HS256.
Security Considerations
Never paste production JWT tokens into online decoders — they contain sensitive user data. Use client-side tools that decode tokens in the browser without sending data to any server.
Expiration Management
JWT `exp` is a Unix timestamp in seconds. A common mistake is using milliseconds, which makes the token expire thousands of years in the future. Always verify the timestamp format matches your JWT library's expectations.
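A local check for the problems listed above, as an added example that is not part of the original guide: it decodes a token offline with the Python standard library and reports expiry, a millisecond `exp`, missing claims, an unexpected algorithm and a bad HS256 signature. The function names, finding labels, sample key and claims, and the 1e11 cutoff for spotting millisecond timestamps are assumptions made for this example; signature checking covers HS256 only.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWT parts drop Base64URL padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_hs256(payload, key):
    """Build a constructed HS256 token so the checks can run offline."""
    parts = [b64url_encode(json.dumps(p).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, payload)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def diagnose(token, key=None, expected_alg="HS256",
             required=("sub", "iss", "aud"), now=None):
    """Decode a token locally and list the common problems found in it."""
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")  # ValueError unless exactly three parts
        header, payload = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        signature = b64url_decode(s64)
        if not (isinstance(header, dict) and isinstance(payload, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:  # wrong part count, bad Base64URL, bad UTF-8 or bad JSON
        return ["malformed"]
    findings = []
    if header.get("alg") != expected_alg:
        findings.append("wrong_alg:%s" % header.get("alg"))
    findings += ["missing_claim:" + c for c in required if c not in payload]
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)):
        findings.append("exp_missing_or_not_numeric")
    elif exp > 1e11:  # as seconds this is past the year 5000: likely milliseconds
        findings.append("exp_in_milliseconds")
    elif exp <= now:
        findings.append("expired")
    if key is not None and header.get("alg") == "HS256":
        expected = hmac.new(key, (h64 + "." + p64).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):  # constant-time compare
            findings.append("invalid_signature")
    return findings

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed value, not a real secret
    claims = {"sub": "u1", "iss": "issuer.example", "aud": "api", "exp": 1700003600000}
    print(diagnose(make_hs256(claims, KEY), key=KEY, now=1700000000))
```

Without a `key`, the findings describe the decoded claims only; the claims are not trustworthy until the signature has been checked.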