ToolsDashboard

inspect custom jwt claims

Inspect custom JWT claims before changing auth rules

Decode a token and review custom roles, scopes, or organization claims before you update middleware or backend checks.

Custom claims often drive authorization logic, but teams change claim names or shapes over time. Inspecting a real token keeps auth refactors grounded in actual data.

Open the tool Expected result

How to use it

Step 1

Decode the current token

Look at the exact claims your live or staging flow emits today.

Step 2

Review names and structures

Check arrays, nested objects, and claim naming conventions before changing policy code.

Step 3

Map claims to code paths

Confirm which claims your backend and frontend actually read.

Sample input

eyJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJhZG1pbiJdLCJvcmciOiJhY21lIn0.signature

Expected result

You reduce the chance of shipping an auth change based on outdated assumptions about token contents.

Common mistakes

Assuming the claim shape from old docs.
Renaming claims without updating every consumer.
Testing with synthetic tokens only.

Related workflows

Check whether a JWT is expired or not yet valid

Guide

Debug a bearer token copied from a failed API request

Guide

Related tools

ToolsDashboard

inspect custom jwt claims

Inspect custom JWT claims before changing auth rules

Decode a token and review custom roles, scopes, or organization claims before you update middleware or backend checks.

Custom claims often drive authorization logic, but teams change claim names or shapes over time. Inspecting a real token keeps auth refactors grounded in actual data.

Open the tool Expected result

How to use it

Step 1

Decode the current token

Look at the exact claims your live or staging flow emits today.

Step 2

Review names and structures

Check arrays, nested objects, and claim naming conventions before changing policy code.

Step 3

Map claims to code paths

Confirm which claims your backend and frontend actually read.

Sample input

eyJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJhZG1pbiJdLCJvcmciOiJhY21lIn0.signature

Expected result

You reduce the chance of shipping an auth change based on outdated assumptions about token contents.

Common mistakes

Assuming the claim shape from old docs.
Renaming claims without updating every consumer.
Testing with synthetic tokens only.

Related workflows

Check whether a JWT is expired or not yet valid

Guide

Debug a bearer token copied from a failed API request

Guide

Related tools