JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims between two parties. A JWT consists of three parts separated by dots: Header.Payload.Signature. The header contains metadata about the token type and signing algorithm, the payload contains the claims (data), and the signature ensures the token hasn't been tampered with.
This tool can both encode and decode JWTs. The decoder validates basic JWT structure and checks common time-based claims like expiration (exp), not-before (nbf), and issued-at (iat). The encoder creates JWT tokens with custom headers and payloads, but uses placeholder signatures for demonstration purposes only.
Common JWT claims include: iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), and jti (JWT ID). Custom claims can also be included for application-specific data. Remember that JWT payloads are only base64-encoded, not encrypted, so never include sensitive information in the payload.