JWT is a macOS application for securely decoding JSON Web Tokens without sending any information to the Internet.
JWT JSON Web Token Decoder is available in the macOS App Store.
This application does not have any capabilities to send or receive network data. There are no analytics, no tracking, and no other means of communication. It is designed to be safe, keeping tokens local to your computer.
Identifies which algorithm is used to generate the signature HS256 indicates that this token is signed using HMAC-SHA256.
Typical cryptographic algorithms used are HMAC with SHA-256 (HS256) and RSA signature with SHA-256 (RS256). JWA (JSON Web Algorithms) RFC 7518 introduces many more for both authentication and encryption.
Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.
This example has the standard Issued At Time claim (iat) and a custom claim (loggedInAs).
Securely validates the token. The signature is calculated by encoding the header and payload using Base64url Encoding RFC 4648 and concatenating the two together with a period separator. That string is then run through the cryptographic algorithm specified in the header, in this case HMAC-SHA256. The Base64url Encoding is similar to base64, but uses different non-alphanumeric characters and omits padding.
For any feedback or concerns, please reach out to @eneko on Twitter.