JWT Encoder and Decoder in C# / .NET — Code Examples
JSON Web Tokens (JWTs) are a compact, URL-safe format for transmitting claims between parties. A JWT has three Base64url-encoded parts separated by dots: header, payload, and signature. Here is how to sign, verify, and decode JWTs in each language.
C# uses the System.IdentityModel.Tokens.Jwt NuGet package. JwtSecurityTokenHandler handles both signing and validation.

    // NuGet: System.IdentityModel.Tokens.Jwt
    //        Microsoft.IdentityModel.Tokens
    using System;
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using System.Text;
    using Microsoft.IdentityModel.Tokens;

    // Demo value, exactly 32 bytes (256 bits); load real secrets from
    // configuration or a secret store, not from source code.
    var secret = "my-secret-key-32-bytes-long!!!!!";
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // Sign (encode)
    var token = new JwtSecurityToken(
        issuer: "my-app",
        audience: "my-users",
        claims: [ // collection expression, C# 12 or later
            new Claim("user_id", "42"),
            new Claim("name", "Alice"),
            new Claim("role", "admin"),
        ],
        expires: DateTime.UtcNow.AddHours(1),
        signingCredentials: creds
    );
    string tokenStr = new JwtSecurityTokenHandler().WriteToken(token);
    Console.WriteLine(tokenStr);

    // Verify and decode: ValidateToken throws if the signature, issuer,
    // audience, or lifetime check fails
    var handler = new JwtSecurityTokenHandler();
    var validationParams = new TokenValidationParameters {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = key,
        ValidateIssuer = true, ValidIssuer = "my-app",
        ValidateAudience = true, ValidAudience = "my-users",
        ClockSkew = TimeSpan.Zero, // strict expiry
    };
    var principal = handler.ValidateToken(tokenStr, validationParams, out _);
    Console.WriteLine(principal.FindFirst("name")?.Value); // Alice

- Set ClockSkew = TimeSpan.Zero to enforce strict token expiry; the default allows 5 minutes of drift.
- The SymmetricSecurityKey requires at least 128 bits (16 bytes) for HS256; use 256 bits (32 bytes) for a comfortable security margin.
- In ASP.NET Core, use AddAuthentication().AddJwtBearer() to integrate JWT validation into the middleware pipeline.
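
The same validation settings wired into the ASP.NET Core pipeline, as an added example that is not part of the original page. The configuration key "Jwt:Key", the policy name "AdminOnly", and the two endpoints are assumptions chosen for illustration.

```csharp
// Program.cs for an ASP.NET Core web project (implicit usings enabled).
// NuGet: Microsoft.AspNetCore.Authentication.JwtBearer
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the HMAC secret is supplied as configuration value "Jwt:Key"
// (user secrets, environment variable, vault), never committed to source.
var secret = builder.Configuration["Jwt:Key"]
    ?? throw new InvalidOperationException("Jwt:Key is not configured");
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Keep claim names as issued ("role", "user_id") instead of
        // remapping short names to long ClaimTypes URIs.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = key,
            // Accept only the algorithm the issuer actually uses.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ValidateIssuer = true, ValidIssuer = "my-app",
            ValidateAudience = true, ValidAudience = "my-users",
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero, // strict expiry, as in the console example
        };
    });

// Hypothetical policy name: requires the "role" claim to equal "admin".
builder.Services.AddAuthorization(o =>
    o.AddPolicy("AdminOnly", p => p.RequireClaim("role", "admin")));

var app = builder.Build();
app.UseAuthentication();   // validates the Bearer token and sets HttpContext.User
app.UseAuthorization();    // enforces RequireAuthorization on endpoints

// Hypothetical endpoints: any valid token vs. admin role only.
app.MapGet("/me", (ClaimsPrincipal user) => user.FindFirst("name")?.Value)
   .RequireAuthorization();
app.MapGet("/admin", () => "admin area").RequireAuthorization("AdminOnly");

app.Run();
```

A request with a missing, expired, or wrongly signed token receives 401; a valid token without role=admin receives 403 on /admin.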
JWT Encoder and Decoder in JavaScript / Node.js
The jsonwebtoken package is the standard Node.js JWT library. Use jwt.sign to create tokens and jwt.verify to validate them.
JWT Encoder and Decoder in Python
PyJWT is the standard Python JWT library. Pass the algorithm explicitly to jwt.decode to prevent algorithm confusion attacks.
JWT Encoder and Decoder in Go
The golang-jwt/jwt package is the maintained fork of the popular dgrijalva/jwt-go library. Define a custom Claims struct for typed access.
JWT Encoder and Decoder in Java
JJWT (io.jsonwebtoken) is the most popular Java JWT library. Use Jwts.builder() to create tokens and Jwts.parser() to verify them.
JWT Encoder and Decoder in PHP
firebase/php-jwt is the standard PHP JWT library. Use JWT::encode to sign and JWT::decode with a Key object to verify.
JWT Encoder and Decoder in Ruby
The jwt gem is the standard Ruby JWT library. Use JWT.encode to sign and JWT.decode with verify=true to validate.
JWT Encoder and Decoder in Rust
The jsonwebtoken crate handles JWT signing and verification. Define a Claims struct with serde and use EncodingKey / DecodingKey.