Decode and analyze JWT tokens from your terminal. Inspect headers, payloads, check expiration, and detect security issues.
Part of OffSecKit | Browser version | Unified CLI
This tool is part of the OffSecKit CLI toolkit:
pip install offseckit
# Decode a JWT token osk jwt decode eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U # Decode from clipboard (macOS) pbpaste | osk jwt decode # Security analysis — check for weak algorithms, missing claims, expiration issues osk jwt analyze eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIn0. # Output as JSON for scripting osk jwt decode --json-output eyJhbGciOiJIUzI1NiIs... # List all known JWT signing algorithms osk jwt algorithms
| Command | Description |
|---|---|
osk jwt decode |
Decode a JWT and display header, payload, signature, timestamps |
osk jwt analyze |
Run security analysis on a JWT (alg:none, weak keys, missing claims) |
osk jwt algorithms |
List all known JWT signing algorithms with strength ratings |
| Flag | Description |
|---|---|
-i, --input |
JWT token string (alternative to argument) |
--json-output |
Output as JSON for scripting |
- OffSecKit CLI — full toolkit (
pip install offseckit) - Browser version — use in your browser
- JWT Decoder Guide — full guide
MIT