🎫 JWT Dekoder

Dekod JSON Web Tokens (JWT) for at inspicere header, payload og signatur.

Hvad er en JSON Web Token (JWT)?

JWT er en kompakt, URL-sikker måde at repræsentere information (claims) mellem to parter. Bruges typisk til login.

JWT Struktur

  • Header: Indeholder signaturalgoritmen. Contains the signing algorithm (e.g., HS256, RS256) and token type.
  • Payload: Indeholder brugerdata (claims). Contains claims — statements about the user and additional metadata.
  • Signatur: Verificerer at tokenet er ægte. Verifies the token hasn't been tampered with. Created using the header, payload, and a secret key.

Ofte Stillede Spørgsmål

Er det sikkert at dekode en JWT her?

Ja! Dette værktøj kører fuldstændigt i din browser. Dit token sendes ikke til nogen servere.

Hvad betyder det at et token udløber?

'exp' (expiration) angiver, hvornår tokenet udløber. Efter denne dato bør serveren afvise det.

Decodes JSON Web Tokens showing header, payload, and signature without requiring the secret key, for debugging auth flows.

Key Facts

  • Standardized in RFC 7519 (2015)
  • 80%+ of modern APIs use JWT
  • Three parts separated by dots (.)
  • Common algorithms: HS256, RS256

Frequently Asked Questions

What is a JWT?

Compact, URL-safe token with header (algorithm), payload (claims), and signature for API authentication.

Is decoding JWT safe?

Yes — payload is base64-encoded, not encrypted. Security is in signature verification, not content hiding.

What are JWT claims?

Statements about user: iss (issuer), sub (subject), exp (expiration), iat (issued at), aud (audience).

How long should JWT last?

Access tokens: 15-30 min. Refresh tokens: 7-30 days. Short-lived limits damage if compromised.

Relaterede udviklingsværktøjer

📋 JSON Formaterer og Validator 🔐 Hash Generator 📦 Base64 Indkoder/Afkoder 🔗 URL Indkoder/Afkoder