JWT Token Decoder

Decode and inspect JSON Web Tokens (JWT) with ease

Important: This tool decodes JWT tokens but does NOT verify signatures. Do not use for security decisions. All processing happens client-side.

🎓JWT Security: Common Attack Vectors

Understanding common JWT vulnerabilities helps you build more secure applications.

🚨1. Algorithm Confusion (alg: none)

Attack: Attacker changes the algorithm to "none" and removes the signature, creating an unsigned token that vulnerable servers might accept.

Example: {"alg": "none", "typ": "JWT"}

Defense: Always explicitly specify and enforce accepted algorithms. Never accept "none" in production.

⚠️2. HS256 to RS256 Algorithm Substitution

Attack: Server expects RS256 (public/private key) but attacker changes to HS256 (symmetric key) and signs with the public key, which the server might use to verify.

Why it works: The server's public key becomes the HMAC secret, allowing attackers to forge valid signatures.

Defense: Explicitly verify the algorithm matches expectations. Don't let the token dictate which algorithm to use.

🔑3. Weak Secret Keys (Brute Force)

Attack: For HMAC algorithms (HS256/384/512), attackers can brute-force weak secrets to forge valid tokens.

Weak secrets: "secret", "password", short keys, dictionary words

Defense: Use strong, random secrets (256+ bits). Consider using RS256/ES256 instead to avoid sharing secrets.

4. Missing or Ignored Expiration

Attack: Tokens without expiration claims (exp) or servers that don't validate expiration remain valid forever.

Impact: Stolen tokens can be used indefinitely, even after logout or password change.

Defense: Always include and validate exp claim. Implement token refresh strategies. Consider short lifespans (minutes to hours).

✍️5. Signature Not Verified

Attack: Some JWT libraries only decode tokens without verifying signatures by default, allowing attackers to modify claims.

Impact: Attackers can change user IDs, roles, permissions, or any claim data.

Defense: Always use verify() or similar methods that validate signatures. Never trust decoded claims without verification.

🌐6. JKU/X5U Header Injection

Attack: JWT headers can include jku (JWK Set URL) or x5u (X.509 URL) pointing to key sources. Attackers can point these to malicious servers.

Impact: Server fetches attacker's keys and validates their forged tokens.

Defense: Don't trust jku/x5u headers. Use hardcoded or allowlisted key sources only.

🔐7. Kid (Key ID) Header Injection

Attack: The "kid" header specifies which key to use for verification. Poorly implemented servers might use this unsafely (e.g., file path traversal).

Example: "kid": "../../public.key"

Defense: Validate kid against an allowlist. Never use it directly for file system operations.

🕵️8. Token Sidejacking (XSS/Token Theft)

Attack: If tokens are stored in localStorage or accessible to JavaScript, XSS attacks can steal them.

Impact: Attacker gains full access to user account with stolen token.

Defense: Store tokens in httpOnly cookies when possible. Implement strong CSP headers. Sanitize all user input. Use short expiration times.

✅ JWT Security Best Practices

  • Always verify signatures - Never trust decoded content without verification
  • Use strong algorithms - Prefer RS256, ES256, or PS256 over HS256
  • Enforce algorithm allowlists - Never accept "none" or unexpected algorithms
  • Always include and validate exp - Use short expiration times (minutes to hours)
  • Use strong secrets - 256+ bit random secrets for HMAC algorithms
  • Validate all claims - Check iss, aud, nbf, and custom claims
  • Implement token refresh - Short-lived access tokens with refresh tokens
  • Store securely - Use httpOnly cookies when possible, not localStorage
  • Don't trust header parameters - Validate jku, x5u, kid against allowlists
  • Implement token revocation - Maintain a deny list for compromised tokens
Learn more: OWASP JWT Testing Guide