🔐

OAuth Token Validator — JWT & OIDC Decoder

Validate and inspect OAuth tokens in your browser. Decode JWT access tokens and ID tokens to view claims, scopes, and expiry. Analyse opaque tokens for entropy and format. Free and private.

ValidatorsAPI & Backend
Loading tool...

How to Use OAuth Token Validator — JWT & OIDC Decoder

How to Use the OAuth Token Validator:

  1. Paste Your Token: Copy the OAuth token from your application — this can be a JWT access token, an OIDC ID token, or an opaque bearer token — and paste it into the input field.

  2. Click "Validate Token": The tool detects the token type automatically. JWT tokens (which start with "eyJ" and have three dot-separated parts) are decoded and inspected. All other tokens are treated as opaque.

  3. JWT Tokens — Inspect Claims: For JWT tokens, the tool displays:

    • Algorithm from the header (e.g. HS256, RS256, ES256)
    • Expiry status — whether the token is currently active or expired
    • Scopes — the OAuth scopes granted to the token, shown as coloured badges
    • OAuth Claims table — subject (sub), issuer (iss), audience (aud), client ID (client_id or azp), and JWT ID (jti)
    • Timing panel — issued-at, not-before, and expires-at in local time
    • Full Payload and Header — collapsible JSON panels with copy support
  4. Opaque Tokens — Analyse Format: For non-JWT tokens, the tool shows:

    • Token length in characters
    • Shannon entropy — a measure of randomness (higher is better; < 3.0 bits/char suggests a sequential or weak token)
    • Character set — whether the token uses alphanumeric, base64url, or mixed characters
    • A note that opaque tokens must be validated via your authorisation server's introspection endpoint (RFC 7662)
  5. Review Warnings: The tool surfaces issues such as expired tokens, missing scope or issuer claims, and the dangerous "alg: none" case.

Notes:

  • Signature verification is not performed — the tool only decodes and analyses the token structure.
  • Your token is never sent to any server. All processing happens in your browser.

Frequently Asked Questions

Most Viewed Tools

📺

Screen Size Converter — Diagonal Dimension Tool

5,967 views

Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.

Use Tool →
🖨️

DPI Calculator — Print Resolution Tool

3,884 views

Calculate DPI (dots per inch), image dimensions, and print sizes. Convert between pixels and physical dimensions for printing and displays.

Use Tool →
🔐

TOTP Code Generator — 2FA Testing Tool

3,611 views

Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.

Use Tool →
{}

JSONL Formatter — Line-by-Line Validator

3,608 views

Format, validate, and inspect JSON Lines (JSONL) and NDJSON files. Validates each line individually, reports parse errors by line number, outputs compact JSONL or a pretty-print preview, and lets you download the cleaned file.

Use Tool →
{ }

JSON to Zod — Schema Generator

3,490 views

Generate Zod validation schema code from a JSON sample object. Infers z.string(), z.number(), z.boolean(), z.array(), z.object(), and z.null() types automatically. Handles nested objects, arrays of objects with optional field detection, and outputs copy-ready TypeScript with import and z.infer type alias.

Use Tool →
🔑

Password Entropy Calculator — Crack Time Estimator

3,291 views

Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.

Use Tool →
🔐

TLS Cipher Suite Checker — Strength Analyzer

3,284 views

Check TLS protocol version compatibility and cipher suite strength ratings against current best practices. Supports IANA and OpenSSL cipher names — rates each suite as Strong, Weak, or Deprecated and explains why.

Use Tool →
🔍

Secret Scanner — API Key & Credential Detector

3,014 views

Scan pasted text, code, or config files for accidentally exposed API keys, tokens, passwords, and private keys. Detects 50+ secret types across AWS, GitHub, Stripe, OpenAI, and more — all client-side, nothing leaves your browser.

Use Tool →

Related API & Backend Tools

GraphQL Subscription Builder — Generate WebSocket Payloads and Client Queries

Build GraphQL subscription query strings and generate WebSocket connection code snippets for Apollo Client, urql, and graphql-ws. Define your operation name, variables, and selection fields visually, then copy the ready-to-use code.

Use Tool →
🔁

Webhook Retry Config Calculator — Simulate Exponential Backoff & Jitter

Configure exponential backoff parameters and preview the full retry schedule for webhook delivery. Enter max attempts, initial delay, multiplier, jitter, and a max delay cap to instantly see each retry timestamp, cumulative elapsed time, jitter range, and which delays hit the cap. Supports presets for standard, aggressive, conservative, Stripe-style, and fixed-interval retry policies. Free and runs entirely in your browser.

Use Tool →
📝

REST Endpoint Documenter — Markdown Doc Generator

Document a REST endpoint quickly by entering the URL, method, headers, and sample request/response. Generates formatted Markdown documentation and an example cURL command instantly.

Use Tool →
⏱️

API Latency Budget Calculator — Plan Distributed System Performance

Set a P99 SLO latency target and distribute the budget across your upstream service dependencies. See remaining headroom, utilization percentage, a stacked allocation bar, and a per-service breakdown with optional P99 actual measurements.

Use Tool →
🔍

API Error Decoder — Fix Suggestion Tool

Decode HTTP status codes and OAuth 2.0 error strings with plain-English descriptions, common causes, and actionable fix suggestions. Covers every HTTP 1xx–5xx status code and all standard OAuth 2.0 error responses. Results appear instantly as you type.

Use Tool →
📊

GraphQL Cost Estimator — Analyze Query Complexity and Depth

Assign custom field weights to a GraphQL schema and calculate the total query complexity score. Paste any GraphQL query, configure per-field costs, and get a per-field breakdown table showing depth, multipliers, and cumulative cost.

Use Tool →
🔁

OpenAPI Mock Generator — Turn API Specs into Live Mock Servers

Paste an OpenAPI 3.x or Swagger 2.0 spec, select any endpoint, and instantly get a realistic mock request body and response matching the defined schemas. Also generates a ready-to-run cURL command.

Use Tool →

GraphQL Query Formatter — Mutation & Subscription Tool

Format and prettify GraphQL queries, mutations, subscriptions, and fragments with correct indentation.

Use Tool →

Share Your Feedback

Help us improve this tool by sharing your experience

We will only use this to follow up on your feedback