JWT Decoder

Token JWT inválido.

Cole um token JWT para descodificar o Header e o Payload. A verificação da assinatura não é efetuada.

Token JWT Codificado

Header (JSON)

{...}

Payload (JSON)

{...}

Assinatura (Signature)

...

Exemplos de Código (Criar e Assinar JWT)

Como criar, assinar e verificar um token JWT (HS256) em várias linguagens.

Snippet Copiado!

// Requer: npm install jsonwebtoken
const jwt = require('jsonwebtoken');

const secret = 'o-seu-segredo-super-secreto-de-256-bits';
const payload = { 
  sub: '1234567890',
  name: 'Utilizador Teste',
  iat: Math.floor(Date.now() / 1000) // issued at
};

// Criar e Assinar
const token = jwt.sign(payload, secret, { expiresIn: '1h' });

console.log(token);

// Verificar
try {
  const decoded = jwt.verify(token, secret);
  console.log(decoded);
} catch(err) {
  // err
}

# Requer: pip install PyJWT
import jwt
import time

secret = 'o-seu-segredo'
payload = {
    'sub': '1234567890',
    'name': 'Utilizador Teste',
    'iat': int(time.time())
}

# Criar e Assinar
token = jwt.encode(payload, secret, algorithm='HS256')

print(token)

# Verificar
try:
    decoded = jwt.decode(token, secret, algorithms=['HS256'])
    print(decoded)
except jwt.InvalidTokenError:
    pass # erro

// Requer: io.jsonwebtoken:jjwt-api, jjwt-impl, jjwt-jackson (ou gson)
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;

String secretString = "o-seu-segredo-super-secreto-de-256-bits";
SecretKey key = Keys.hmacShaKeyFor(secretString.getBytes(StandardCharsets.UTF_8));

long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);

// Criar e Assinar
String token = Jwts.builder()
    .setSubject("1234567890")
    .claim("name", "Utilizador Teste")
    .setIssuedAt(now)
    .setExpiration(new Date(nowMillis + 3600000)) // 1 hora
    .signWith(key)
    .compact();

System.out.println(token);

// Verificar
// Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);

// Requer: System.IdentityModel.Tokens.Jwt (NuGet)
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

var secret = "o-seu-segredo-super-secreto-de-256-bits";
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

var claims = new[]
{
    new Claim(JwtRegisteredClaimNames.Sub, "1234567890"),
    new Claim(JwtRegisteredClaimNames.Name, "Utilizador Teste"),
    new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64)
};

// Criar e Assinar
var token = new JwtSecurityToken(
    issuer: "o-seu-issuer",
    audience: "o-seu-audience",
    claims: claims,
    expires: DateTime.UtcNow.AddHours(1),
    signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
);

string tokenString = new JwtSecurityTokenHandler().WriteToken(token);
Console.WriteLine(tokenString);

// Requer: go get github.com/golang-jwt/jwt/v5
package main

import (
	"fmt"
	"github.com/golang-jwt/jwt/v5"
	"time"
)

var secretKey = []byte("o-seu-segredo")

func main() {
	claims := jwt.MapClaims{
		"sub":  "1234567890",
		"name": "Utilizador Teste",
		"iat":  time.Now().Unix(),
		"exp":  time.Now().Add(time.Hour * 1).Unix(),
	}

	// Criar e Assinar
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	tokenString, err := token.SignedString(secretKey)
	
	if err != nil {
		panic(err)
	}
	fmt.Println(tokenString)
}

# Requer: gem install jwt
require 'jwt'

secret = 'o-seu-segredo'
payload = {
  sub: '1234567890',
  name: 'Utilizador Teste',
  iat: Time.now.to_i
}

# Criar e Assinar
token = JWT.encode payload, secret, 'HS256'

puts token

# Verificar
# decoded_token = JWT.decode token, secret, true, { algorithm: 'HS256' }