1. Understanding JWT structure
A JWT has three dot-separated parts: header.payload.signature. The header holds the signing algorithm (alg) and token type (typ); the payload holds the actual claims (user ID, permissions, issue time, etc.), all base64url-encoded. The signature is the header+payload signed with a secret (or private key), used to verify the token hasn't been tampered with β but this tool does not perform that verification.