About This Tool
What is JWT 编码 / 解码?
A tool for encoding and decoding JWT (JSON Web Tokens). JWT is a widely used token format for web authentication and information exchange. You can separate and inspect the header, payload, and signature of a token.
How to Use
- In decode mode, paste a JWT token string to automatically separate the header and payload.
- In encode mode, enter header and payload in JSON format.
- Optionally enter a secret key to generate a signed token.
- Copy the result for your use.
Key Features
- JWT token decoding and structure analysis
- JWT token encoding (with or without signature)
- Separate display of header, payload, and signature
- Formatted JSON output for readability
Tips
- A JWT consists of three parts separated by dots: Header.Payload.Signature.
- JWT payloads are only Base64-encoded, not encrypted — never put sensitive information in them.
- Check standard claims like expiration time (exp) and issued at (iat) to validate tokens.
JWT 编码 / 解码
对 JWT 令牌进行编码或解码
Frequently Asked Questions
在浏览器中解码JWT令牌安全吗?▼
安全。JWT载荷只是Base64编码而非加密——任何持有令牌的人都能读取载荷。在浏览器中解码完全安全,这是JWT设计的使用方式。签名确保令牌未被篡改,但内容是有意可读的。
应该检查哪些常见的JWT声明?▼
关键标准声明:'exp'(过期时间——过期则拒绝),'iat'(签发时间),'nbf'(此时间前无效),'sub'(主题——通常是用户ID),'iss'(签发者),'aud'(受众——预期接收者)。
JWT和基于会话的认证有什么区别?▼
会话在服务器端存储状态(cookie中的会话ID,服务器内存/数据库中的数据)。JWT是无状态的——所有用户数据都在令牌中。JWT扩展性更好(无需服务器端存储)但不易撤销。会话提供更简单的撤销但分布式系统需要共享会话存储。