A CWT (CBOR Web Token, RFC 8392) is a CBOR (Concise Binary Object Representation, RFC 8949) object that contains claims and is cryptographically protected using COSE (CBOR Object Signing and Encryption, RFC 8152).
See all registered claim types at IANA CWT Claims.
Type:
COSE_Sign1 COSE_Mac0 COSE_Sign COSE_Mac COSE_Encrypt0 COSE_Encrypt
EdDSA ES256 ES384 ES512 HMAC-256 HMAC-384 HMAC-512 AES-GCM-128 AES-CCM-128
Key ID: Not specified
PEM JWK Hex Base64
EdDSA ES256 ES384 ES512 HMAC-256 HMAC-384 HMAC-512
Enter a verification key above to automatically verify the CWT signature.
{ "iss": "https://example.com", // 1: Issuer "sub": "user123", // 2: Subject "aud": "app456", // 3: Audience "exp": 1735689600, // 4: Expiration Time "iat": 1735603200 // 6: Issued At }
Load a token to see parsed claims • Click claim names to edit mappings RFC 8392 §3.1
Raw Bytes
CBOR Structure
Hover over bytes or structure elements to see relationships • Shows CBOR encoding details