Can I verify JWT signatures without exposing secrets?

Yes. Signature checks happen locally. Provide the HS shared secret or load a JWKS URL and the tool validates the token without sending it anywhere.

How do I validate a JWT against a JWKS endpoint?

Select the JWKS verification mode, paste the HTTPS endpoint that publishes the keys and run the check so the matching kid is fetched automatically.

Can I re-sign a token after editing the payload?

Yes. Adjust the header or payload, choose HS or RS algorithms and use the Sign pane to issue a new compact JWT locally.

← SeguridadSecurity

JWT Decoder & Verifier

Pega un token JWT para decodificar encabezado y payload, validar la firma (HS/JWKS) y volver a firmarlo sin enviar datos al servidor. Paste a JWT to decode header and payload, validate signatures (HS/JWKS) and re-sign without sending data to any server.

Privacidad:Privacy: Todo se procesa en tu navegador; no enviamos tu token. Everything runs in your browser; we never transmit your token.

Token JWTJWT Token

Pega o escribe tu token (formato JWS con tres segmentos). Paste or type your token (JWS format with three segments).

Decode · Verificar · FirmarDecode · Verify · Sign

HeaderHeader

—

PayloadPayload

—

AlgoritmoAlgorithm

—

kid

—

AlgoritmoAlgorithm

Secreto compartidoShared secret

Payload JSONPayload JSON

Se firmará con typ=JWT y el algoritmo seleccionado. The token will be signed with typ=JWT and the selected algorithm.

Token firmadoSigned token

Header aplicadoApplied header

{}

Audita tokens JWT antes de integrarlos Audit JWTs before shipping integrations

Identifica rápidamente expiraciones, clocks desalineados o firmas incorrectas para evitar errores en APIs, workers y autenticaciones. Catch expirations, clock drift and wrong signatures before they break APIs, workers or authentication flows.

Trabaja offline con secretos HS o verifica proveedores OIDC descargando su JWKS. Work offline with HS secrets or validate OIDC providers by pulling their JWKS.
Comparte encabezados y payload prettificados con tu equipo usando los botones de copia. Share prettified headers and payloads with teammates using the copy buttons.
Simula nuevos tokens ajustando exp, nbf y iat para probar flujos de rotación y caché. Simulate new tokens by tweaking exp, nbf and iat to test rotation and caching flows.

JWT Decoder & Verifier

HeaderHeader

PayloadPayload

Claims críticosCritical claims

Audita tokens JWT antes de integrarlos Audit JWTs before shipping integrations