[{"data":1,"prerenderedAt":210},["ShallowReactive",2],{"i-lucide:menu":3,"i-lucide:grip":8,"i-lucide:chevron-right":10,"i-lucide:moon":12,"i-lucide:sun":14,"i-material-symbols:language":16,"i-lucide:chevron-down":18,"i-lucide:shield-check":20,"i-lucide:mail":22,"i-tabler:markdown":24,"i-lucide:code-xml":26,"i-lucide:film":28,"i-lucide:file-text":30,"i-lucide:box":32,"i-lucide:code-2":34,"i-lucide:image":35,"i-lucide:square-sigma":37,"i-lucide:gamepad-2":39,"i-lucide:sparkles":41,"i-lucide:graduation-cap":43,"tool-content-dev-jwtDecoder":45,"i-lucide:x":171,"i-lucide:chevrons-down":173,"i-lucide:copy":175,"i-lucide:clock-alert":177,"i-lucide:key":179,"i-lucide:shield":181,"i-lucide:search":183,"i-lucide:clipboard-paste":185,"i-lucide:layers":187,"i-lucide:clock":189,"i-lucide:braces":191,"i-lucide:file-check-2":193,"i-lucide:file-json-2":196,"i-lucide:diff":198,"i-lucide:regex":200,"i-lucide:map-pin":202,"i-lucide:send-horizontal":204,"i-lucide:arrow-up-right":206,"i-lucide:user-check":208},{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":7},0,24,false,"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M4 5h16M4 12h16M4 19h16\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":9},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Ccircle cx=\"12\" cy=\"5\" r=\"1\"\u002F>\u003Ccircle cx=\"19\" cy=\"5\" r=\"1\"\u002F>\u003Ccircle cx=\"5\" cy=\"5\" r=\"1\"\u002F>\u003Ccircle cx=\"12\" cy=\"12\" r=\"1\"\u002F>\u003Ccircle cx=\"19\" cy=\"12\" r=\"1\"\u002F>\u003Ccircle cx=\"5\" cy=\"12\" r=\"1\"\u002F>\u003Ccircle cx=\"12\" cy=\"19\" r=\"1\"\u002F>\u003Ccircle cx=\"19\" cy=\"19\" r=\"1\"\u002F>\u003Ccircle cx=\"5\" cy=\"19\" r=\"1\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":11},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m9 18l6-6l-6-6\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":13},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M20.985 12.486a9 9 0 1 1-9.473-9.472c.405-.022.617.46.402.803a6 6 0 0 0 8.268 8.268c.344-.215.825-.004.803.401\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":15},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Ccircle cx=\"12\" cy=\"12\" r=\"4\"\u002F>\u003Cpath d=\"M12 2v2m0 16v2M4.93 4.93l1.41 1.41m11.32 11.32l1.41 1.41M2 12h2m16 0h2M6.34 17.66l-1.41 1.41M19.07 4.93l-1.41 1.41\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":17},"\u003Cpath fill=\"currentColor\" d=\"M8.125 21.213q-1.825-.788-3.187-2.15t-2.15-3.188T2 11.988t.788-3.875t2.15-3.175t3.187-2.15T12.013 2t3.875.788t3.175 2.15t2.15 3.175t.787 3.875t-.787 3.887t-2.15 3.188t-3.175 2.15t-3.875.787t-3.888-.787M12 19.95q.65-.9 1.125-1.875T13.9 16h-3.8q.3 1.1.775 2.075T12 19.95m-2.6-.4q-.45-.825-.787-1.713T8.05 16H5.1q.725 1.25 1.813 2.175T9.4 19.55m5.2 0q1.4-.45 2.488-1.375T18.9 16h-2.95q-.225.95-.562 1.838T14.6 19.55M4.25 14h3.4q-.075-.5-.112-.987T7.5 12t.038-1.012T7.65 10h-3.4q-.125.5-.187.988T4 12t.063 1.013t.187.987m5.4 0h4.7q.075-.5.113-.987T14.5 12t-.038-1.012T14.35 10h-4.7q-.075.5-.112.988T9.5 12t.038 1.013t.112.987m6.7 0h3.4q.125-.5.188-.987T20 12t-.062-1.012T19.75 10h-3.4q.075.5.113.988T16.5 12t-.038 1.013t-.112.987m-.4-6h2.95q-.725-1.25-1.812-2.175T14.6 4.45q.45.825.788 1.713T15.95 8M10.1 8h3.8q-.3-1.1-.775-2.075T12 4.05q-.65.9-1.125 1.875T10.1 8m-5 0h2.95q.225-.95.563-1.838T9.4 4.45Q8 4.9 6.912 5.825T5.1 8\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":19},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m6 9l6 6l6-6\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":21},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z\"\u002F>\u003Cpath d=\"m9 12l2 2l4-4\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":23},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"m22 7l-8.991 5.727a2 2 0 0 1-2.009 0L2 7\"\u002F>\u003Crect width=\"20\" height=\"16\" x=\"2\" y=\"4\" rx=\"2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":25},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M3 7a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2v10a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z\"\u002F>\u003Cpath d=\"M7 15V9l2 2l2-2v6m3-2l2 2l2-2m-2 2V9\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":27},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m18 16l4-4l-4-4M6 8l-4 4l4 4m8.5-12l-5 16\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":29},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\"\u002F>\u003Cpath d=\"M7 3v18M3 7.5h4M3 12h18M3 16.5h4M17 3v18m0-13.5h4m-4 9h4\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":31},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M6 22a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h8a2.4 2.4 0 0 1 1.704.706l3.588 3.588A2.4 2.4 0 0 1 20 8v12a2 2 0 0 1-2 2z\"\u002F>\u003Cpath d=\"M14 2v5a1 1 0 0 0 1 1h5M10 9H8m8 4H8m8 4H8\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":33},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M21 8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16Z\"\u002F>\u003Cpath d=\"m3.3 7l8.7 5l8.7-5M12 22V12\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":27},{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":36},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\" ry=\"2\"\u002F>\u003Ccircle cx=\"9\" cy=\"9\" r=\"2\"\u002F>\u003Cpath d=\"m21 15l-3.086-3.086a2 2 0 0 0-2.828 0L6 21\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":38},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"18\" height=\"18\" x=\"3\" y=\"3\" rx=\"2\"\u002F>\u003Cpath d=\"M16 8.9V7H8l4 5l-4 5h8v-1.9\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":40},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M6 11h4M8 9v4m7-1h.01M18 10h.01m-.69-5H6.68a4 4 0 0 0-3.978 3.59l-.017.152C2.604 9.416 2 14.456 2 16a3 3 0 0 0 3 3c1 0 1.5-.5 2-1l1.414-1.414A2 2 0 0 1 9.828 16h4.344a2 2 0 0 1 1.414.586L17 18c.5.5 1 1 2 1a3 3 0 0 0 3-3c0-1.545-.604-6.584-.685-7.258q-.01-.075-.017-.151A4 4 0 0 0 17.32 5\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":42},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M11.017 2.814a1 1 0 0 1 1.966 0l1.051 5.558a2 2 0 0 0 1.594 1.594l5.558 1.051a1 1 0 0 1 0 1.966l-5.558 1.051a2 2 0 0 0-1.594 1.594l-1.051 5.558a1 1 0 0 1-1.966 0l-1.051-5.558a2 2 0 0 0-1.594-1.594l-5.558-1.051a1 1 0 0 1 0-1.966l5.558-1.051a2 2 0 0 0 1.594-1.594zM20 2v4m2-2h-4\"\u002F>\u003Ccircle cx=\"4\" cy=\"20\" r=\"2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":44},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M21.42 10.922a1 1 0 0 0-.019-1.838L12.83 5.18a2 2 0 0 0-1.66 0L2.6 9.08a1 1 0 0 0 0 1.832l8.57 3.908a2 2 0 0 0 1.66 0zM22 10v6\"\u002F>\u003Cpath d=\"M6 12.5V16a6 3 0 0 0 12 0v-3.5\"\u002F>\u003C\u002Fg>",{"strings":46,"features":-1,"steps":102,"useCases":124,"articleHtml":168},{"zh":47,"en":76},{"description":48,"inputLabel":49,"inputPlaceholder":50,"header":51,"payload":52,"claimsTitle":53,"expired":54,"expiresAt":55,"errorParts":56,"errorInvalid":57,"demoTitle":58,"demoHint":59,"demoClear":60,"copyValue":61,"copyHeader":62,"copyPayload":63,"claimsFieldCount":64,"copied":65,"expand":66,"collapse":67,"faq1q":68,"faq1a":69,"faq2q":70,"faq2a":71,"faq3q":72,"faq3a":73,"faq4q":74,"faq4a":75},"在线 JWT Token 解码工具，纯浏览器解析 Header、Payload，Token 不离开本地。","粘贴 JWT Token","eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...","Header","Payload","Payload 字段详情","已过期 ·","有效期至","JWT 格式错误：应由三段 Base64 以 . 分隔组成","无法解析 JWT，请检查格式是否正确","演示 JWT Token","这是一个示例 Token，直接粘贴你的 JWT 替换即可","清空","复制值","复制 Header JSON","复制 Payload JSON","{n} 个字段","已复制","展开","折叠","JWT 解码安全吗？我的 Token 会被上传到服务器吗？","完全安全。整个解码过程通过浏览器原生 Base64 算法在本地完成，不会发起任何网络请求，您的 Token 永远不会离开您的设备。可以打开 DevTools → Network 标签页亲自验证：粘贴 Token 时没有任何请求发出。","JWT 的 Header 和 Payload 分别包含哪些信息？","Header 通常包含 alg（签名算法，如 HS256、RS256）和 typ（固定为 JWT）。Payload 包含各种声明（claims）：sub（用户标识）、iat（签发时间）、exp（过期时间）、nbf（生效时间）是标准字段，其余均为业务自定义字段，如用户角色、组织 ID 等。","iat、exp、sub、nbf 这些字段是什么意思？","这些是 JWT 标准注册声明（Registered Claims）：sub 是主题（Subject），通常是用户 ID；iat 是签发时间（Issued At），Unix 时间戳；exp 是过期时间（Expiration），Token 超过此时间后失效；nbf 是生效时间（Not Before），早于此时间不得使用。本工具会将这三个时间戳自动转换为人类可读格式，并高亮显示 Token 是否已过期。","如何判断一个 JWT Token 是否已经过期？","将 Token 粘贴进来，如果 Payload 中存在 exp 字段，工具会自动将其转换为本地时间并标注过期状态：绿色表示仍在有效期内，红色表示已过期。exp 是 Unix 时间戳（秒），代表 Token 的截止时间。",{"description":77,"inputLabel":78,"inputPlaceholder":50,"header":51,"payload":52,"claimsTitle":79,"expired":80,"expiresAt":81,"errorParts":82,"errorInvalid":83,"demoTitle":84,"demoHint":85,"demoClear":86,"copyValue":87,"copyHeader":88,"copyPayload":89,"claimsFieldCount":90,"copied":91,"expand":92,"collapse":93,"faq1q":94,"faq1a":95,"faq2q":96,"faq2a":97,"faq3q":98,"faq3a":99,"faq4q":100,"faq4a":101},"Online JWT Token decoder. Parses Header and Payload entirely in your browser — your token never leaves your device.","Paste JWT Token","Payload Claims","Expired ·","Expires at","Invalid JWT format: expected three Base64 segments separated by dots","Could not parse JWT — please check the format","Demo JWT Token","This is a sample token — paste your own JWT to replace it","Clear","Copy value","Copy header JSON","Copy payload JSON","{n} field | {n} fields","Copied","Expand","Collapse","Is JWT decoding safe? Will my token be uploaded to a server?","Completely safe. The entire decode process uses your browser's native Base64 API — no network request is ever made and your token never leaves your device. Open DevTools → Network and watch for yourself: zero requests while you paste your token.","What information is in a JWT Header and Payload?","The Header contains alg (signing algorithm, e.g. HS256 or RS256) and typ (always JWT). The Payload contains claims: standard ones include sub (subject \u002F user ID), iat (issued-at timestamp), exp (expiry timestamp), and nbf (not-before timestamp). Everything else is application-specific — roles, org IDs, email addresses, custom metadata, and so on.","What do iat, exp, sub, and nbf mean in a JWT?","These are JWT Registered Claims: sub is the Subject (typically a user ID); iat is Issued At (Unix timestamp in seconds of when the token was created); exp is Expiration (token is invalid after this time); nbf is Not Before (token must not be accepted before this time). This tool automatically converts all three timestamps to human-readable local time and flags whether the token has expired.","How can I tell if a JWT token has expired?","Paste the token into the input field. If the Payload contains an exp claim, the tool converts it to local time and shows an expiry badge: green means still valid, red means expired. The exp value is a Unix timestamp in seconds — the moment after which the token is no longer accepted.",{"zh":103,"en":115},[104,107,111],{"icon":105,"title":49,"desc":106},"lucide:clipboard-paste","将 JWT 字符串粘贴到输入框",{"icon":108,"title":109,"desc":110},"lucide:layers","查看解析结果","查看 Header、Payload 和 Signature 三部分的解码内容",{"icon":112,"title":113,"desc":114},"lucide:clock","确认过期时间","查看 exp 字段，判断 Token 是否仍在有效期内",[116,118,121],{"icon":105,"title":78,"desc":117},"Paste the JWT string into the input field",{"icon":108,"title":119,"desc":120},"View Decoded Sections","See decoded content for Header, Payload, and Signature sections",{"icon":112,"title":122,"desc":123},"Check Expiry","Read the exp field to determine whether the token is still valid",{"zh":125,"en":149},[126,130,133,137,141,145],{"icon":127,"title":128,"desc":129},"lucide:key","解析用户登录 Token","展开 JWT Payload 查看 userId\u002F权限\u002F过期时间等字段",{"icon":112,"title":131,"desc":132},"检查 Token 是否过期","快速查看 exp 字段，确认 Token 有效期",{"icon":134,"title":135,"desc":136},"lucide:shield","排查鉴权失败问题","解析 Token 内容，确认 claims 是否符合后端预期",{"icon":138,"title":139,"desc":140},"lucide:search","调试第三方 OAuth","解码 access_token 查看权限范围和用户信息",{"icon":142,"title":143,"desc":144},"lucide:file-text","学习 JWT 结构","直观展示 Header\u002FPayload\u002FSignature 三段结构，理解 JWT 原理",{"icon":146,"title":147,"desc":148},"lucide:user-check","分析 SSO 单点登录 Token","解码企业 SSO 颁发的 JWT，确认用户身份和权限字段正确",[150,153,156,159,162,165],{"icon":127,"title":151,"desc":152},"Inspect Login Tokens","Expand JWT Payload to view userId, permissions, and expiry fields",{"icon":112,"title":154,"desc":155},"Check Token Expiry","Quickly read the exp claim to confirm whether a token is still valid",{"icon":134,"title":157,"desc":158},"Debug Auth Failures","Decode token claims to verify they match backend authorization expectations",{"icon":138,"title":160,"desc":161},"Debug OAuth Flows","Decode third-party access tokens to inspect scopes and user information",{"icon":142,"title":163,"desc":164},"Learn JWT Structure","Visualize Header\u002FPayload\u002FSignature sections to understand how JWTs work",{"icon":146,"title":166,"desc":167},"Analyze SSO Tokens","Decode enterprise SSO-issued JWTs to verify user identity and permission claims",{"zh":169,"en":170},"\u003Ch2>JWT Token 是什么？Header、Payload、Signature 三段结构详解\u003C\u002Fh2>\n\u003Cp>JSON Web Token（JWT）是 2026 年最广泛使用的身份认证凭据格式。几乎所有现代 Web 应用的登录态管理、API 鉴权和单点登录（SSO）都依赖它。一个 JWT 看起来像这样：\u003C\u002Fp>\n\u003Cp>\u003Ccode>eyJhbGci...（Header）.eyJzdWIi...（Payload）.SflKxwRJ...（Signature）\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>它由三段 Base64URL 编码的字符串用 \u003Ccode>.\u003C\u002Fcode> 连接而成：\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Header（头部）\u003C\u002Fstrong>：JSON 对象，包含 \u003Ccode>alg\u003C\u002Fcode>（签名算法，如 HS256、RS256、ES256）和 \u003Ccode>typ\u003C\u002Fcode>（固定为 JWT）。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Payload（载荷）\u003C\u002Fstrong>：JSON 对象，包含各种声明（claims）。\u003Ccode>sub\u003C\u002Fcode> 是用户 ID，\u003Ccode>iat\u003C\u002Fcode> 是签发时间，\u003Ccode>exp\u003C\u002Fcode> 是过期时间，\u003Ccode>nbf\u003C\u002Fcode> 是生效时间，其余为业务自定义字段（角色、组织、权限等）。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Signature（签名）\u003C\u002Fstrong>：用密钥对前两段做 HMAC 或 RSA 签名的结果，服务端用它验证 Token 未被篡改。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Header 和 Payload 仅做 Base64URL 编码，\u003Cstrong>不加密\u003C\u002Fstrong>——任何人拿到 Token 都能直接解码读取内容。这正是本工具的工作原理：无需密钥，纯粹的本地 Base64 解码。\u003C\u002Fp>\n\u003Ch2>在线 JWT 解析工具哪个安全？为什么不能随便用 \u003Ca href=\"http:\u002F\u002Fjwt.io\">jwt.io\u003C\u002Fa>\u003C\u002Fh2>\n\u003Cp>开发者最熟悉的 JWT 解析工具是 \u003Ca href=\"http:\u002F\u002Fjwt.io\">jwt.io\u003C\u002Fa>。但安全团队对它有一个长期的顾虑：\u003Cstrong>你正在把可能包含敏感生产数据的 Token 粘贴到第三方网站\u003C\u002Fstrong>。JWT Payload 里通常有用户 ID、角色权限、邮箱地址、组织标识符——这些在严格的数据安全规范下不应该离开受控环境。\u003C\u002Fp>\n\u003Cp>即便 \u003Ca href=\"http:\u002F\u002Fjwt.io\">jwt.io\u003C\u002Fa> 本身没有恶意，你的浏览器扩展、公司网络代理或未来的代码变更都可能捕获这些内容。在处理生产环境 Token 时，这不是偏执，而是基本的安全卫生。\u003C\u002Fp>\n\u003Cp>MeTool JWT 解码器的设计原则是：\u003Cstrong>Token 绝对不离开你的浏览器\u003C\u002Fstrong>。整个解码过程使用浏览器原生的 \u003Ccode>atob()\u003C\u002Fcode> 函数完成，不发起任何网络请求。你可以打开 DevTools → Network 标签页亲自验证：粘贴 Token 的那一刻，网络面板一片空白。\u003C\u002Fp>\n\u003Ch2>Payload 字段含义速查：iat、exp、sub、nbf 是什么\u003C\u002Fh2>\n\u003Cp>JWT 定义了一组标准注册声明（Registered Claims），每个字段都有精确含义：\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>sub（Subject）\u003C\u002Fstrong>：主题，通常是用户 ID 或账号标识，用于唯一标识 Token 的持有者。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iat（Issued At）\u003C\u002Fstrong>：签发时间，Unix 时间戳（秒）。表示 Token 创建的时刻，用于追踪令牌年龄。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>exp（Expiration Time）\u003C\u002Fstrong>：过期时间，Unix 时间戳（秒）。服务端收到 Token 后会检查当前时间是否超过此值，超过则拒绝请求。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>nbf（Not Before）\u003C\u002Fstrong>：生效时间，Unix 时间戳（秒）。早于此时间的请求不应被接受，常用于预发放 Token。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iss（Issuer）\u003C\u002Fstrong>：签发方，标识谁生成了这个 Token，如 \u003Ccode>https:\u002F\u002Fauth.example.com\u003C\u002Fcode>。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>aud（Audience）\u003C\u002Fstrong>：受众，标识 Token 的目标接收方，服务端会验证自己是否在 aud 列表中。\u003C\u002Fli>\n\u003Cli>\u003Cstrong>jti（JWT ID）\u003C\u002Fstrong>：唯一标识符，用于防止 Token 重放攻击。\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>本工具会将 \u003Ccode>iat\u003C\u002Fcode>、\u003Ccode>exp\u003C\u002Fcode>、\u003Ccode>nbf\u003C\u002Fcode> 自动转换为本地时间并在字段旁显示，省去手动换算 Unix 时间戳的步骤。\u003C\u002Fp>\n\u003Ch2>如何用 JWT 解码器调试常见认证问题\u003C\u002Fh2>\n\u003Cp>以下是开发中最频繁的几个 JWT 相关 bug，以及用本工具快速定位的方法：\u003C\u002Fp>\n\u003Ch3>Token 已过期（401 Unauthorized）\u003C\u002Fh3>\n\u003Cp>粘贴 Token，查看 Payload 中的 \u003Ccode>exp\u003C\u002Fcode> 字段。工具会直接显示"已过期"或"有效期至 xx:xx:xx"——比在控制台手算 \u003Ccode>new Date(exp * 1000)\u003C\u002Fcode> 快得多。\u003C\u002Fp>\n\u003Ch3>算法不匹配（签名验证失败）\u003C\u002Fh3>\n\u003Cp>查看 Header 中的 \u003Ccode>alg\u003C\u002Fcode> 字段，确认与服务端配置的算法一致。HS256 和 RS256 最容易混淆：前者是对称加密（同一个密钥签发和验证），后者是非对称加密（私钥签发、公钥验证）。\u003C\u002Fp>\n\u003Ch3>角色或权限字段不对（403 Forbidden）\u003C\u002Fh3>\n\u003Cp>展开 Payload 中的自定义声明（roles、permissions、scope 等），确认用户当前 Token 携带的权限是否符合预期。Token 过期前权限变更不会即时生效——这是 JWT 无状态设计的典型取舍。\u003C\u002Fp>\n\u003Ch3>嵌套 JSON 字段查看\u003C\u002Fh3>\n\u003Cp>部分系统会在 Payload 中嵌入对象或数组（如用户 profile、多租户 org 信息）。本工具的 Payload 字段详情区会检测嵌套结构，提供展开\u002F折叠查看，并支持一键复制整个嵌套对象的格式化 JSON。\u003C\u002Fp>\n","\u003Ch2>What Is a JWT? The Header, Payload & Signature Structure Explained\u003C\u002Fh2>\n\u003Cp>JSON Web Tokens (JWTs) are the most widely used authentication credential format in 2026. Almost every modern web app — from REST APIs and OAuth flows to single-sign-on systems — issues JWTs. A token looks like this:\u003C\u002Fp>\n\u003Cp>\u003Ccode>eyJhbGci...（Header）.eyJzdWIi...（Payload）.SflKxwRJ...（Signature）\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>It's three Base64URL-encoded strings joined by dots:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Header\u003C\u002Fstrong>: A JSON object containing \u003Ccode>alg\u003C\u002Fcode> (the signing algorithm, e.g. HS256, RS256, ES256) and \u003Ccode>typ\u003C\u002Fcode> (always JWT).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Payload\u003C\u002Fstrong>: A JSON object containing claims. Standard fields include \u003Ccode>sub\u003C\u002Fcode> (user ID), \u003Ccode>iat\u003C\u002Fcode> (issued-at timestamp), \u003Ccode>exp\u003C\u002Fcode> (expiry timestamp), and \u003Ccode>nbf\u003C\u002Fcode> (not-before timestamp). Everything else is application-specific — roles, org IDs, permissions, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Signature\u003C\u002Fstrong>: An HMAC or RSA\u002FEC signature over the first two parts. The server uses this to verify the token hasn't been tampered with.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Header and Payload are only Base64URL-encoded, \u003Cstrong>not encrypted\u003C\u002Fstrong> — anyone with the token can read them without a key. That's exactly how this decoder works: pure client-side Base64 decoding, no key required.\u003C\u002Fp>\n\u003Ch2>Is It Safe to Paste Your JWT Into an Online Tool? Why \u003Ca href=\"http:\u002F\u002Fjwt.io\">jwt.io\u003C\u002Fa> Raises Concerns\u003C\u002Fh2>\n\u003Cp>The most familiar JWT inspector is \u003Ca href=\"http:\u002F\u002Fjwt.io\">jwt.io\u003C\u002Fa>. But security teams have a standing concern: \u003Cstrong>you're pasting potentially sensitive production tokens into a third-party website\u003C\u002Fstrong>. JWT payloads routinely contain user IDs, role assignments, email addresses, and org identifiers — data that strict security policies say shouldn't leave a controlled environment.\u003C\u002Fp>\n\u003Cp>Even if \u003Ca href=\"http:\u002F\u002Fjwt.io\">jwt.io\u003C\u002Fa>'s code is never malicious, your browser extensions, your company's network proxy, or a future code change could capture that content. When handling production tokens, this isn't paranoia — it's basic security hygiene.\u003C\u002Fp>\n\u003Cp>MeTool's JWT Decoder is built on a single principle: \u003Cstrong>your token never leaves your browser\u003C\u002Fstrong>. The entire decode process uses the browser's native \u003Ccode>atob()\u003C\u002Fcode> function — no network request is ever made. Open DevTools → Network tab and verify it yourself: paste a token and the network panel stays completely empty.\u003C\u002Fp>\n\u003Ch2>JWT Claim Reference: What iat, exp, sub, nbf, iss, aud, and jti Mean\u003C\u002Fh2>\n\u003Cp>JWT defines a set of Registered Claims — standard fields with precise, interoperable meanings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>sub (Subject)\u003C\u002Fstrong>: The principal the token represents, typically a user ID or account identifier.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iat (Issued At)\u003C\u002Fstrong>: Unix timestamp (seconds) of when the token was created. Used to track token age.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>exp (Expiration Time)\u003C\u002Fstrong>: Unix timestamp (seconds) after which the token must be rejected. The most common claim checked server-side.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>nbf (Not Before)\u003C\u002Fstrong>: Unix timestamp (seconds) before which the token must be rejected. Used for pre-issued tokens that become valid in the future.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iss (Issuer)\u003C\u002Fstrong>: Identifies who generated the token, e.g. \u003Ccode>https:\u002F\u002Fauth.example.com\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>aud (Audience)\u003C\u002Fstrong>: Identifies the intended recipient(s). Servers verify they are listed in aud before accepting the token.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>jti (JWT ID)\u003C\u002Fstrong>: A unique identifier for this token, used to prevent replay attacks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This tool automatically converts \u003Ccode>iat\u003C\u002Fcode>, \u003Ccode>exp\u003C\u002Fcode>, and \u003Ccode>nbf\u003C\u002Fcode> to human-readable local time and shows them alongside the raw value — no more manually running \u003Ccode>new Date(exp * 1000)\u003C\u002Fcode> in the console.\u003C\u002Fp>\n\u003Ch2>Debugging Common JWT Auth Problems with an Online Decoder\u003C\u002Fh2>\n\u003Cp>Here are the most frequent JWT-related bugs in development, and how to diagnose them in seconds:\u003C\u002Fp>\n\u003Ch3>Token Expired (401 Unauthorized)\u003C\u002Fh3>\n\u003Cp>Paste the token and check the \u003Ccode>exp\u003C\u002Fcode> field in the Payload claims table. The tool shows "Expired" or "Expires at [local time]" — faster than mentally converting a Unix timestamp.\u003C\u002Fp>\n\u003Ch3>Algorithm Mismatch (Signature Verification Fails)\u003C\u002Fh3>\n\u003Cp>Check the \u003Ccode>alg\u003C\u002Fcode> field in the Header and confirm it matches your server config. HS256 and RS256 are the most common point of confusion: HS256 is symmetric (same key signs and verifies), RS256 is asymmetric (private key signs, public key verifies).\u003C\u002Fp>\n\u003Ch3>Missing or Wrong Role\u002FPermission (403 Forbidden)\u003C\u002Fh3>\n\u003Cp>Expand the custom claims in the Payload — \u003Ccode>roles\u003C\u002Fcode>, \u003Ccode>permissions\u003C\u002Fcode>, \u003Ccode>scope\u003C\u002Fcode> — and confirm the token carries the expected access level. Remember: with stateless JWTs, permission changes don't propagate until the user gets a new token.\u003C\u002Fp>\n\u003Ch3>Inspecting Nested JSON Claims\u003C\u002Fh3>\n\u003Cp>Some systems embed nested objects or arrays in the Payload — user profile data, multi-tenant org info, feature flags. The claims detail table detects nested structures, shows a type badge (e.g. \u003Ccode>Object {3}\u003C\u002Fcode> or \u003Ccode>Array [5]\u003C\u002Fcode>), and lets you expand\u002Fcollapse them. Each nested value has its own copy button that copies the fully formatted JSON.\u003C\u002Fp>\n",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":172},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M18 6L6 18M6 6l12 12\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":174},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"m7 6l5 5l5-5M7 13l5 5l5-5\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":176},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Crect width=\"14\" height=\"14\" x=\"8\" y=\"8\" rx=\"2\" ry=\"2\"\u002F>\u003Cpath d=\"M4 16c-1.1 0-2-.9-2-2V4c0-1.1.9-2 2-2h10c1.1 0 2 .9 2 2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":178},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M12 6v6l4 2m4-2v5m0 4h.01\"\u002F>\u003Cpath d=\"M21.25 8.2A10 10 0 1 0 16 21.16\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":180},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"m15.5 7.5l2.3 2.3a1 1 0 0 0 1.4 0l2.1-2.1a1 1 0 0 0 0-1.4L19 4m2-2l-9.6 9.6\"\u002F>\u003Ccircle cx=\"7.5\" cy=\"15.5\" r=\"5.5\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":182},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":184},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"m21 21l-4.34-4.34\"\u002F>\u003Ccircle cx=\"11\" cy=\"11\" r=\"8\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":186},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M11 14h10M16 4h2a2 2 0 0 1 2 2v1.344M17 18l4-4l-4-4\"\u002F>\u003Cpath d=\"M8 4H6a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h12a2 2 0 0 0 1.793-1.113\"\u002F>\u003Crect width=\"8\" height=\"4\" x=\"8\" y=\"2\" rx=\"1\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":188},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M12.83 2.18a2 2 0 0 0-1.66 0L2.6 6.08a1 1 0 0 0 0 1.83l8.58 3.91a2 2 0 0 0 1.66 0l8.58-3.9a1 1 0 0 0 0-1.83z\"\u002F>\u003Cpath d=\"M2 12a1 1 0 0 0 .58.91l8.6 3.91a2 2 0 0 0 1.65 0l8.58-3.9A1 1 0 0 0 22 12\"\u002F>\u003Cpath d=\"M2 17a1 1 0 0 0 .58.91l8.6 3.91a2 2 0 0 0 1.65 0l8.58-3.9A1 1 0 0 0 22 17\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":190},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Ccircle cx=\"12\" cy=\"12\" r=\"10\"\u002F>\u003Cpath d=\"M12 6v6l4 2\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":192},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M8 3H7a2 2 0 0 0-2 2v5a2 2 0 0 1-2 2a2 2 0 0 1 2 2v5c0 1.1.9 2 2 2h1m8 0h1a2 2 0 0 0 2-2v-5c0-1.1.9-2 2-2a2 2 0 0 1-2-2V5a2 2 0 0 0-2-2h-1\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":194,"hidden":195},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M4 22h14a2 2 0 0 0 2-2V7l-5-5H6a2 2 0 0 0-2 2v4\"\u002F>\u003Cpath d=\"M14 2v4a2 2 0 0 0 2 2h4M3 15l2 2l4-4\"\u002F>\u003C\u002Fg>",true,{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":197,"hidden":195},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M4 22h14a2 2 0 0 0 2-2V7l-5-5H6a2 2 0 0 0-2 2v4\"\u002F>\u003Cpath d=\"M14 2v4a2 2 0 0 0 2 2h4M4 12a1 1 0 0 0-1 1v1a1 1 0 0 1-1 1a1 1 0 0 1 1 1v1a1 1 0 0 0 1 1m4 0a1 1 0 0 0 1-1v-1a1 1 0 0 1 1-1a1 1 0 0 1-1-1v-1a1 1 0 0 0-1-1\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":199},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M12 3v14m-7-7h14M5 21h14\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":201},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M17 3v10m-4.33-7.5l8.66 5m-8.66 0l8.66-5M9 17a2 2 0 0 0-2-2H5a2 2 0 0 0-2 2v2a2 2 0 0 0 2 2h2a2 2 0 0 0 2-2z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":203},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"M20 10c0 4.993-5.539 10.193-7.399 11.799a1 1 0 0 1-1.202 0C9.539 20.193 4 14.993 4 10a8 8 0 0 1 16 0\"\u002F>\u003Ccircle cx=\"12\" cy=\"10\" r=\"3\"\u002F>\u003C\u002Fg>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":205},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M3.714 3.048a.498.498 0 0 0-.683.627l2.843 7.627a2 2 0 0 1 0 1.396l-2.842 7.627a.498.498 0 0 0 .682.627l18-8.5a.5.5 0 0 0 0-.904zM6 12h16\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":207},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\" d=\"M7 7h10v10M7 17L17 7\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":209},"\u003Cg fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"2\">\u003Cpath d=\"m16 11l2 2l4-4m-6 12v-2a4 4 0 0 0-4-4H6a4 4 0 0 0-4 4v2\"\u002F>\u003Ccircle cx=\"9\" cy=\"7\" r=\"4\"\u002F>\u003C\u002Fg>",1782799329803]