Question 1

What is a JSON Web Token (JWT)?

Accepted Answer

A JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a compact, URL-safe JSON object. JWTs are commonly used for authentication and authorization in web applications and APIs.

Question 2

What is the structure of a JWT?

Accepted Answer

A JWT consists of three parts separated by dots: the Header (specifies the algorithm and token type), the Payload (contains the claims or data), and the Signature (used to verify the token's integrity). Each part is Base64URL-encoded.

Question 3

Is JWT secure?

Accepted Answer

JWTs themselves are not encrypted by default — they are only signed. This means anyone can read the payload by decoding it. The signature ensures the token has not been tampered with, but sensitive data should not be stored in a JWT unless it is also encrypted (JWE).

Question 4

Is it safe to decode a JWT in the browser?

Accepted Answer

Yes. Decoding a JWT simply means Base64URL-decoding its parts, which does not require any secret key. The signature cannot be verified without the secret, but reading the header and payload is perfectly safe and happens entirely in your browser.

Question 5

What are common JWT claims?

Accepted Answer

Common registered claims include: sub (subject), iat (issued at), exp (expiration time), iss (issuer), aud (audience), and nbf (not before). Applications can also define custom claims for their own use.

JWT Decode & Inspect

How to Use JWT Decode & Inspect

What is JWT Decode?

Frequently Asked Questions

Related Tools