How to encode and decode JWTs easily

Three powerful JWT tools

Stormpath has three great developer tools that make it easy to both encode and decode JWTs and generate a corresponding code sample.

  • - web-based tool that lets you paste a JWT and decode its header, payload, and signature, or provide header, payload, and signature information to generate a JWT
  • - JJWT is the easiest library for creating and verifying JSON Web Tokens (JWTs) on the JVM. Just drop JJWT into any Java application.
  • JWT Inspector - a browser extension that lets you decode and inspect JSON Web Tokens in requests, cookies, and local storage. Also debug any JWT directly from the console or in the built-in UI.  Encode or Decode JWTs

  • Decode: Paste an existing JWT in order to decode its header, payload, and signature
  • Encode: Provide header, payload, and signature information to generate a new JWT
  • See real-time changes: Modify any information within the JWT and see the header, payload, and signature updated accordingly. Or, make edits to the header, payload, and signature and the JWT will update automatically.

Encode and decode JWTs with

Java JWTs: Create and validate tokens and Java code


Generate Code Samples

Not only does enable you to encode or decode a JWT, it also generates a code sample based on the library of your choice (with even more coming soon!), enabling you to simply copy and paste the code generated into your project or application.
Code for jwtk/nJWT with

View Readme’s Without Leaving the Page

Want to take a look at the Readme for nJwt, PHP-JWT, or other JWT libraries? No sweat. Based on the library you select to generate a code sample on, we’ll automatically pull in the Readme docs directly on the page, so there’s no need to go hunting for them. We also link you to the GitHub repo for the JWT library within the Readme in case you want to dig in further.
Screen Shot 2016-06-17 at 11.50.01 AM (2)

JWT Inspector:  Inspect, Debug, and Test JWTs

Find and inspect JWTs in your browser

JWT Inspector can:

  • Automatically detect JWTs on sites and enable you to access them through the navigation bar
  • Allow you to debug JWTs, including raw JWTS, either in DevTools or the JWT popup
  • Allow you to inspect JWTs in either cookies, local/session storage or requests directly in DevTools
  • Allow you to select a JWT on any page, right click and select “View JWT” to open up a separate page for debugging that JWT
  • Allow you to dump JWTs in your code by using console.jwt() thus enabling raw JWTs to be inspected in console

Debug JWTs directly in the console

JWTs are no joke. Is this tool reliable?

These tools are open source and publicly available on Github so you can check them out. As with everything we develop at Stormpath, this developer tool was designed with security as a core component.

We’d love to hear from you!

If something isn’t working the way you’d expect or there’s a feature you’d like to see added, please let us know by opening an issue on the Github projects.


Have more questions? Submit a request



Article is closed for comments.