Decode and analyze JWT tokens from your terminal. Inspect headers, payloads, check expiration, and detect security issues.
Part of OffSecKit | Browser version | Unified CLI
This tool is part of the OffSecKit CLI toolkit:
```bash
pip install offseckit
```

```bash
# Decode a JWT token
osk jwt decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U
# Decode from clipboard (macOS)
pbpaste | osk jwt decode
# Security analysis — check for weak algorithms, missing claims, expiration issues
osk jwt analyze eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIn0.
# Output as JSON for scripting
osk jwt decode --json-output eyJhbGciOiJIUzI1NiIs...
# List all known JWT signing algorithms
osk jwt algorithms
```

| Command | Description |
|---|---|
| `osk jwt decode` | Decode a JWT and display header, payload, signature, timestamps |
| `osk jwt analyze` | Run security analysis on a JWT (alg:none, weak keys, missing claims) |
| `osk jwt algorithms` | List all known JWT signing algorithms with strength ratings |

| Flag | Description |
|---|---|
| `-i, --input` | JWT token string (alternative to argument) |
| `--json-output` | Output as JSON for scripting |
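
To show the kind of checks the `analyze` command is described as running, here is an added Python sketch (not OffSecKit's code) that decodes a token without verifying it and flags `alg: none`, an empty signature, a missing or expired `exp`, and missing claims. The function names, finding labels and the choice of `iss`/`aud` as required claims are assumptions; weak-key detection is not covered.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str):
    """Split a compact JWT into (header, payload, signature) without verifying."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, parts[2]


def analyze(token: str, now=None):
    """Return finding labels for a token (assumed rule set, not OffSecKit's)."""
    now = time.time() if now is None else now
    header, payload, signature = decode_unverified(token)
    findings = []
    # An absent or "none" algorithm means the token carries no integrity protection.
    if str(header.get("alg", "")).lower() in ("", "none"):
        findings.append("alg-none")
    if not signature:
        findings.append("empty-signature")
    exp = payload.get("exp")
    if exp is None:
        findings.append("missing-exp")
    elif isinstance(exp, bool) or not isinstance(exp, (int, float)):
        findings.append("invalid-exp")
    elif exp <= now:
        findings.append("expired")
    # Assumption: treat issuer and audience as the claims a verifier should pin.
    findings += [f"missing-{c}" for c in ("iss", "aud") if c not in payload]
    return findings


# The two sample tokens from the usage examples on this page.
HS256_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U"
NONE_TOKEN = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIn0."

if __name__ == "__main__":
    for name, tok in (("HS256", HS256_TOKEN), ("none", NONE_TOKEN)):
        print(name, analyze(tok))
```

Decoding without verification is only for inspection; a service accepting tokens still has to verify the signature against an allow-list of algorithms.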
- OffSecKit CLI — full toolkit (`pip install offseckit`)
- Browser version — use in your browser
- JWT Decoder Guide — full guide
MIT