JWT Debugger — Decode, Inspect, and Troubleshoot Tokens
Quick Answer: Paste a JWT to see a complete breakdown: decoded header (algorithm, key ID), payload claims (user info, permissions, expiry), signature status, and validity checks. The debugger highlights common issues like expired tokens and missing required claims.
FAQ
What causes "invalid signature" errors?
Wrong secret/key, mismatched algorithm (HS256 vs RS256), modified payload, or the token was signed by a different issuer. Check that your verification key matches the signing key.
How do I debug JWT issues in production?
Log the decoded header (not payload -- it may contain PII) and the verification error. Check: is the issuer (iss) expected? Is the key ID (kid) in your JWKS? Is the token within its validity window?