JWT Encoder

Create JSON Web Tokens by entering header and payload data below.

Decode JWT

Header

The header typically contains the algorithm (alg) and token type (typ).

Payload

The payload contains the claims. Common claims include sub, name, iat, exp.

Secret Key

⚠️ For demonstration purposes only. Never expose real secret keys in production environments.

About JWT Encoding

Structure

  • Header: Contains metadata about the token
  • Payload: Contains the claims (user data)
  • Signature: Ensures token integrity (optional)
  • Parts are separated by dots (.)
  • Each part is Base64URL encoded

Common Claims

  • sub - Subject identifier
  • iat - Issued at time
  • exp - Expiration time
  • aud - Audience
  • iss - Issuer

What are JSON Web Tokens (JWTs)?

JSON Web Tokens (JWTs) are an open, industry standard (RFC 7519) method for representing claims securely between two parties. They are compact, URL-safe tokens that can be used for authentication and information exchange.

Common Use Cases

  • Authentication: Single sign-on (SSO) solutions
  • Authorization: Secure API access control
  • Information Exchange: Secure data transmission
  • Stateless Sessions: No server-side session storage needed
  • Mobile Apps: Lightweight authentication
  • Microservices: Service-to-service communication

Algorithms

  • HS256 - HMAC using SHA-256
  • HS384 - HMAC using SHA-384
  • HS512 - HMAC using SHA-512
  • RS256 - RSA using SHA-256
  • ES256 - ECDSA using P-256 and SHA-256
  • none - Unsecured (no signature)

Security Considerations

⚠️ Important Warnings

  • Never expose secrets: Keep signing keys secure
  • Validate tokens: Always verify signatures in production
  • Use HTTPS: Protect tokens in transit
  • Set expiration: Use exp claim
  • Avoid sensitive data: JWTs are not encrypted by default
  • Implement token rotation: Regular key updates

✅ Best Practices

  • Use strong algorithms: Prefer RS256 over HS256
  • Validate all claims: Check iss, aud, exp
  • Keep payloads small: Minimize token size
  • Use proper storage: Secure storage in browsers
  • Implement blacklisting: For logout functionality
  • Monitor token usage: Log and audit access

🕒 Timestamp Helper

Current Unix Timestamp

1750051120

Use this for iat (issued at) claim

Expiry in 1 Hour

1750054720

Use this for exp (expiration) claim