JWT Permission & Scope Inspector
Authorization issues often stem from missing scopes or incorrect roles in a token. Our decoder makes it easy to audit a user's permissions in a readable format.
When to use this solution:
Use this when a user has access to some parts of your app but is blocked from others unexpectedly.
Common Use Cases
Step-by-Step Guide
Paste the user's token
Paste the JWT you want to audit into the input area.
Locate permission claims
Scan the payload for fields like 'roles', 'scopes', 'permissions', or 'groups'.
Verify value list
Ensure the required permission (e.g., 'admin', 'read:users') is present in the array.
Check for typos
Verify that the claim values aren't misspelled, as permissions are often case-sensitive.
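The four steps above can also be run offline, as in this added example (not the tool's own code). The function names, the sample token and the handling of space-delimited strings are assumptions made for the illustration. It decodes the payload without verifying the signature, so it is suitable for inspection only, never for an access decision.

```python
import base64
import json

# Claim names mentioned in the guide and FAQ on this page.
PERMISSION_CLAIMS = ("role", "roles", "scopes", "permissions", "groups")

def decode_payload(token):
    """Base64url-decode the JWT payload. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))

def audit_permission(token, required):
    """Return (status, claim, value): 'present', 'case-mismatch' or 'missing'."""
    payload = decode_payload(token)
    near_miss = None
    for claim in PERMISSION_CLAIMS:
        values = payload.get(claim)
        if isinstance(values, str):
            values = values.split()  # assumption: string claims are space-delimited
        if not isinstance(values, list):
            continue  # claim absent or of an unexpected type
        for value in values:
            if value == required:
                return ("present", claim, value)
            if isinstance(value, str) and value.lower() == required.lower() and near_miss is None:
                near_miss = ("case-mismatch", claim, value)  # e.g. 'Admin' vs 'admin'
    return near_miss or ("missing", None, None)

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token for the demonstration; the signature part is a dummy.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "HS256", "typ": "JWT"}),
    _b64url({"sub": "user-123", "roles": ["Admin"], "permissions": ["read:users"]}),
    "constructed-signature",
])

if __name__ == "__main__":
    for wanted in ("read:users", "admin", "write:users"):
        print(wanted, "->", audit_permission(SAMPLE_TOKEN, wanted))
```

A `case-mismatch` result points at the typo or casing problem from the last step: the permission exists in the token, but not in the exact form the application checks for.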
Ready to get started?
Use our free tool to solve this problem in seconds. No installation required.
Inspect Permissions
Frequently Asked Questions
Can I add new roles to my token here?
No. JWTs are cryptographically signed, so any change to the payload invalidates the signature. A modified token would have to be re-signed with the server's secret key.
Where are roles usually stored?
While there's no official standard, common fields are 'role', 'roles', or 'permissions' depending on your auth provider.
