Example input/output
Input: [JWT token] / Secret: mysecret
Output: ✓ Signature is valid
How it works
This tool extracts the header and payload from the JWT, re-computes the expected HMAC-SHA256 signature using the Web Crypto API, and compares it to the signature in the token. Verification is done entirely in your browser — the token and secret are never sent to a server.
Common use cases
- Verify a JWT signature with the correct secret key before trusting the token
- Detect tampered JWTs by checking signature validity
- Confirm that a JWT was signed with the expected algorithm and secret