Auth0 Home Blog Docs

Can decode the jwt token from the website


I’m using jwt in a web project and i create my token from a unique key. But when I copy the token and paste it in the site it show all of my payload in the payload section. But it also shows that the “Invalid Signature” sign. But my concern is that if someone bypass and get the token from a request header, this person is able to see the data inside the token.

Please help


Hey @vihanga !

As it has been more than a few months since this topic was opened and there has been no reply or further information provided from the community as to the existence of the issue we would like to check if you are still facing the described challenge?

We are more than happy to assist in any way! If the issue is still out there please let us know so we can create a new thread for better visibility, otherwise we’ll close this one in week’s time.

Thank you!


This topic was automatically closed after 5 days. New replies are no longer allowed.