JWT Validator

Verify a JWT signature and inspect claims. Enter your HMAC secret or RSA public key (PEM), paste the token, and click Run.

  • Runs entirely in your browser
  • No data stored or sent to a server
  • Free forever — no signup
  • Instant conversion

Input and Output

Use the interactive encoder and decoder on this page to process your text.

Learn more about JWT validation

How to Validate JWT Signatures

JWT Validation

What Validation Checks

This tool verifies the cryptographic signature using your HMAC secret or RSA public key, then inspects claims and expiration — all locally in your browser.

HMAC vs RSA

HS256/384/512 tokens require the shared secret. RS256/384/512 tokens require the issuer's public key in PEM format.

Frequently asked questions

Does this check against a remote JWKS endpoint?

No. Paste your secret or public key directly. No network requests are made.

What PEM format is supported for RSA?

Standard SPKI public keys: -----BEGIN PUBLIC KEY----- blocks.