Yoryantra
← Back to Tools

JWT Claims Inspector

Inspect JWT claims locally and check expiration, issued-at, not-before, issuer, audience, subject, scopes, roles, lifetime, and common claim issues. This tool does not verify signatures.

Paste a JWT access token, ID token, or test token. This tool decodes claims locally, but it does not verify the signature or trust the token.

Options

Claim checks are useful for debugging, but a token is trusted only when your server verifies its signature and expected claims.

Output

JWT claims inspection output will appear here.
JWT claim inspection happens directly in your browser. Your token is not uploaded to a server. Avoid pasting real production tokens into any online tool.

Inspecting JWT Claims Beyond Basic Decoding

A JWT decoder shows the header and payload. A claims inspector goes one step further and checks what the claims mean: whether the token is expired, not yet valid, missing issuer or audience, using a risky algorithm, or carrying scopes and roles that need review.

This JWT Claims Inspector helps you review common claims like exp, iat, nbf, iss, aud, sub, scope, scp, roles, permissions, and groups while debugging authentication and API access issues.

Checking JWT Claim Health

  1. Paste a JWT access token, ID token, or safe test token.
  2. Add expected issuer or audience values if you know them.
  3. Choose the output format and time display.
  4. Inspect expiration, not-before, subject, issuer, audience, scopes, and roles.
  5. Review warnings before using the token in real code.

Common JWT Claims Inspector Use Cases

  • Checking why a token is expired or not yet valid.
  • Comparing aud and iss claims with expected API values.
  • Reading scopes, roles, permissions, or groups from a token.
  • Finding long-lived access tokens during debugging.
  • Checking whether subject or issuer claims are missing.
  • Reviewing ID token or access token payloads safely during development.

Example JWT Claims

{
  "iss": "https://auth.example.com",
  "aud": "api-client",
  "sub": "1234567890",
  "scope": "read:tools write:tools",
  "iat": 1717075200,
  "exp": 1717078800
}

Claim Inspection Does Not Verify Trust

Reading claims is useful, but it does not prove the token is trusted. A JWT can only be trusted after the signature, algorithm, issuer, audience, expiry, and other expected claims are verified by your application or API.

Use this tool for inspection and debugging. For real authorization decisions, always verify the JWT on the server with the correct key and claim checks.

Frequently Asked Questions

What does a JWT Claims Inspector do?

It decodes JWT claims and checks common claim issues such as expiry, issuer, audience, subject, not-before, scopes, and roles.

Is this different from a JWT Decoder?

Yes. A decoder shows the token payload. This tool explains and checks the claims inside that payload.

Does this verify the JWT signature?

No. It inspects claims only. Use your server or a signature verifier when you need to verify trust.

Can this check aud and iss values?

Yes. Add expected audience and issuer values, and the tool will compare them with the token claims.

Is my JWT uploaded anywhere?

No. Claim inspection happens directly in your browser.