什么是 JWT?
JWT(JSON Web Token)是一种开放标准(RFC 7519),用于在各方之间安全地传输信息作为 JSON 对象。JWT 广泛用于身份验证和信息交换,特别是在单点登录(SSO)和 API 认证场景中。
JWT 由三部分组成,用点号分隔:
- Header(头部):包含令牌类型和签名算法,如
{"alg":"HS256","typ":"JWT"} - Payload(载荷):包含声明(claims),如用户 ID、过期时间等
- Signature(签名):用于验证消息在传输过程中未被篡改
本工具仅解码 JWT,不验证签名。所有数据在浏览器本地处理,不会上传到服务器。注意:JWT 的 Payload 是 Base64 编码而非加密,不要在 JWT 中存放敏感信息。
What is JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are widely used for authentication and information exchange, especially in Single Sign-On (SSO) and API authentication scenarios.
A JWT consists of three parts separated by dots:
- Header — Contains the token type and signing algorithm, e.g.
{"alg":"HS256","typ":"JWT"} - Payload — Contains claims such as user ID, expiration time, etc.
- Signature — Used to verify that the message wasn't tampered with during transmission
This tool only decodes JWTs and does not verify signatures. All data is processed locally in your browser and never uploaded. Note: JWT Payload is Base64-encoded, not encrypted — never store sensitive information in a JWT.