Invalid JWT Format
A JSON Web Token must be three Base64URL-encoded segments separated by dots: `header.payload.signature`. 'Invalid format' usually means fewer than three parts, empty segments, or characters that are not valid Base64URL in a segment.
Check segment count
Split on `.` — you should get exactly three non-empty parts. Bearer tokens copied from headers sometimes include the word 'Bearer' or extra whitespace.
Encoding issues
JWT uses Base64URL, not standard Base64: `+` and `/` become `-` and `_`, and padding may be omitted. If decoding fails, verify that you copied the full token.
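A checker for the segment-count and encoding problems described above, as an added example that is not part of the original page. The function name `diagnose_jwt_format` and its messages are assumptions, the sample token is constructed, and the code inspects structure only without verifying any signature.

```python
import base64
import binascii
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+={0,2}")  # Base64URL alphabet, optional padding

def diagnose_jwt_format(raw):
    """Return a list of format problems; [] means structurally well-formed.
    Structural checks only: no signature is verified, so no claim is trusted."""
    token = raw.strip()
    if token[:7].lower() == "bearer ":  # scheme word copied from the header
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        return [f"expected 3 segments, found {len(parts)}"]
    problems = []
    for name, seg in zip(("header", "payload", "signature"), parts):
        if not seg:
            problems.append(f"{name}: empty segment")
            continue
        if not B64URL.fullmatch(seg):
            hint = " (standard Base64 '+' or '/' found)" if re.search(r"[+/]", seg) else ""
            problems.append(f"{name}: not valid Base64URL{hint}")
            continue
        body = seg.rstrip("=")
        if len(body) % 4 == 1:  # no byte string encodes to this length
            problems.append(f"{name}: impossible length, token is probably truncated")
            continue
        try:
            data = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
            if name != "signature" and not isinstance(json.loads(data), dict):
                raise ValueError("not a JSON object")
        except (binascii.Error, ValueError):
            problems.append(f"{name}: does not decode to a JSON object")
    return problems

if __name__ == "__main__":
    # Constructed sample token; the signature is filler bytes, not a real MAC.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    tok = ".".join([enc(b'{"alg":"HS256","typ":"JWT"}'), enc(b'{"sub":"demo"}'), enc(b"\x00" * 32)])
    for sample in (tok, "Bearer " + tok, tok.rsplit(".", 1)[0], tok[:-2]):
        print(diagnose_jwt_format(sample) or "well-formed")
```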
Security reminder
Decoding shows claims for debugging only. Always verify signatures on the server before trusting `sub`, `exp`, or role claims.