Question 1

What is a JWT token?

Accepted Answer

A JWT (JSON Web Token) is a compact, URL-safe way to represent claims between two parties. It's commonly used for authentication and contains three parts: a header specifying the algorithm, a payload with user data and claims, and a signature for verification.

Question 2

Is it safe to decode JWTs in the browser?

Accepted Answer

Yes, decoding is safe because the header and payload are only Base64-encoded, not encrypted. However, never trust decoded data without verifying the signature server-side. This tool is for inspection only—always validate tokens on your backend.

Question 3

What do the 'exp' and 'iat' claims mean?

Accepted Answer

The 'exp' (expiration) claim indicates when the token expires, and 'iat' (issued at) shows when it was created. Both are Unix timestamps. Other common claims include 'sub' (subject/user ID), 'iss' (issuer), and 'aud' (audience).

Bearer Token Viewer

JWT Bearer Tokens - Technical Details

Command-line Alternative

Reference