DevBolt
Processed in your browser. Your data never leaves your device.

JWT Token Examples & Common Claims

Explore common JWT token examples and payload structures. Paste any example into the decoder above to inspect its header, payload, and claims in detail.

← Back to tools

JWT Decoder

Decode and inspect JSON Web Tokens. View header, payload, and expiration status.

Standard JWT claims

JWT defines several registered claims: iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before), iat (issued at), and jti (JWT ID). These are not required but are widely used conventions. Custom claims can be added for application-specific data like user roles, permissions, and email.

Authentication token example

A typical auth JWT contains: header with algorithm (HS256 or RS256), payload with sub (user ID), email, roles/permissions, iat (issued timestamp), and exp (expiration). The signature ensures the token has not been tampered with. Access tokens typically expire in 15–60 minutes.

Common JWT header algorithms

HS256 (HMAC-SHA256) uses a shared secret — simple but requires the secret on both sides. RS256 (RSA-SHA256) uses public/private key pairs — more secure for distributed systems. ES256 (ECDSA) is similar to RS256 but with smaller keys. Most APIs use RS256 for public key verification.

Frequently Asked Questions

What are the three parts of a JWT?

A JWT has three Base64url-encoded parts separated by dots: the Header (algorithm and type), the Payload (claims/data), and the Signature (verification hash). Example: xxxxx.yyyyy.zzzzz

Should I store sensitive data in JWT?

No. JWT payloads are only Base64-encoded, not encrypted. Anyone can decode and read the payload. Never store passwords, credit card numbers, or other secrets in JWT claims.

Related tools

JWT Structure ExplainedSafe JWT DecoderNode.js JWT Decode & VerifyPython JWT Decode & Verify← All JWT Decoder features

Related Inspect Tools

{ }

JSON Visualizer

Visualize JSON as an interactive tree — collapsible nodes, search, path copy, depth controls, and data statistics

GDV

Git Diff Viewer

Paste unified diff output from git diff and view it with syntax highlighting, line numbers, and side-by-side or inline display

ZIP

Compression Tester

Test and compare Brotli, Gzip, and Deflate compression ratios for text content — sizes, savings, and speed

TS6

TypeScript 6.0 Migration Checker

Analyze your tsconfig.json for TS 6.0 breaking changes, deprecated options, new defaults, and get a readiness grade with fixes