JWT & SD-JWT Decoder FAQ
Quick answers about JWT and SD-JWT decoding, privacy, OAuth2/OIDC claims, and selective disclosures.
What is a JWT?
A JSON Web Token (JWT) is a compact token format that includes a header, payload (claims), and signature for transport between systems.
What is an SD-JWT?
SD-JWT (Selective Disclosure JWT) lets the issuer hide some claims and reveal only selected disclosures to a verifier.
Does this site upload or store my tokens?
No. All decoding happens in the browser. Tokens never leave your device and are not logged or saved.
Does decoding validate a signature?
Decoding parses the token structure and payload. It does not verify signatures unless you validate against known keys in your own system.
How do I check token expiration?
Look for the exp claim. The decoder highlights expiration and recommended claims in the summary section.
Which OAuth2 and OIDC claims should I review?
Common checks include iss (issuer), aud (audience), sub (subject), and exp (expiration).
Why do I see disclosures for SD-JWT?
Disclosures reveal selectively shared claims. The decoder reconstructs the disclosed payload so you can see what was revealed.
What is a key binding JWT?
A key binding JWT links SD-JWT disclosures to a holder key and can appear as an additional JWT segment.
What if my token is malformed?
If the token is missing segments or has invalid Base64URL/JSON, the decoder will show an error banner.
Can I link directly to a decoded token?
Yes. Use the shareable link feature to include ?jwt= or ?token= in the URL.