PASETO Token Decoder
Platform-Agnostic Security Tokens (v1-v4) - 100% Client-Side
Zero Server Logs
PASETO (Platform-Agnostic Security Tokens) is a secure alternative to JWT. v2/v4 public tokens can be inspected. **Local** tokens are always encrypted.
About PASETO
Why use PASETO instead of JWT?
PASETO (Platform-Agnostic Security Tokens) was designed to solve JWT's cryptographic agility flaws. Unlike JWTs, which allow the header to dictate the hashing algorithm (leading to algorithm confusion attacks), PASETO enforces strict versioning (e.g., v2, v4) mapping to specific, modern cryptographic suites that cannot be downgraded.
Can I decode PASETO v4 tokens?
Yes. Our decoder locally parses the payload of all PASETO versions, including v4 public and local tokens. For 'public' tokens, you can see the JSON claims immediately. For 'local' tokens, the payload is symmetrically encrypted using XChaCha20-Poly1305, meaning you can see the footer but need the secret key to view the claims.
Are PASETO tokens encrypted or just signed?
It depends on the purpose. Tokens with the '.public' suffix are digitally signed (using Ed25519 for v2/v4), meaning the data is visible but tamper-proof. Tokens with the '.local' suffix use authenticated encryption (using AES or XChaCha20), meaning the data is hidden from everyone except the key holders.
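An added example, not the decoder's own code: a JavaScript (Node.js) inspector that mirrors the answers above by reading claims from 'public' tokens, returning only the footer for 'local' tokens, and rejecting any version or purpose outside a fixed list. The function names, the sample claims and the `kid` footer are constructed for illustration; the signature sizes are the fixed ones for each version (RSA-2048 for v1, ECDSA P-384 for v3, Ed25519 for v2/v4).

```javascript
// Structural inspection only. Nothing here verifies a signature or decrypts.
// Signature size in bytes appended to the message of a "public" token.
const SIG_LEN = { v1: 256, v2: 64, v3: 96, v4: 64 };
const B64URL = /^[A-Za-z0-9_-]+$/; // PASETO uses unpadded base64url

function b64urlDecode(part, name) {
  if (!B64URL.test(part)) throw new Error(`${name} is not unpadded base64url`);
  return Buffer.from(part, 'base64url');
}

function inspectPaseto(token) {
  const parts = token.split('.');
  if (parts.length < 3 || parts.length > 4) throw new Error('expected 3 or 4 dot-separated parts');
  const [version, purpose, body, footerPart] = parts;
  // Fixed allow-list: the header selects a protocol version, never an algorithm.
  if (!(version in SIG_LEN)) throw new Error(`unsupported version: ${version}`);
  if (purpose !== 'public' && purpose !== 'local') throw new Error(`unsupported purpose: ${purpose}`);

  const raw = b64urlDecode(body, 'payload');
  const footer = footerPart ? b64urlDecode(footerPart, 'footer').toString('utf8') : null;
  const result = { version, purpose, footer, claims: null, verified: false };

  if (purpose === 'local') return result; // ciphertext: unreadable without the key

  const sigLen = SIG_LEN[version];
  if (raw.length <= sigLen) throw new Error('payload shorter than signature');
  // Message bytes come first; the signature is the fixed-size tail.
  const message = raw.subarray(0, raw.length - sigLen);
  result.claims = JSON.parse(message.toString('utf8')); // untrusted until verified
  return result;
}

// Constructed sample tokens: the 64 zero bytes are a placeholder, not a valid
// signature, and the "local" body is filler bytes, not real ciphertext.
function sampleTokens() {
  const enc = (buf) => Buffer.from(buf).toString('base64url');
  const msg = Buffer.from(JSON.stringify({ sub: 'alice', exp: '2030-01-01T00:00:00+00:00' }));
  const footer = enc(JSON.stringify({ kid: 'example-key-1' }));
  return {
    pub: `v4.public.${enc(Buffer.concat([msg, Buffer.alloc(64)]))}.${footer}`,
    local: `v4.local.${enc(Buffer.alloc(96, 7))}.${footer}`,
  };
}
```

`verified` stays `false` in every result: claims read this way are untrusted until a PASETO library checks the signature against the expected version, purpose and key.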
Engineering Guides
Master This Tool
In-depth guides and tutorials for experts.
The Death of LocalStorage: Why Enterprise Applications Use HttpOnly Cookies
LocalStorage is a weakness for JWT security. Learn why modern Next.js applications use HttpOnly cookies to prevent XSS attacks and session theft.
JWT vs Session Tokens: Which Is Better for Authentication in 2026?
JWT or session tokens? Compare security, scalability, XSS risks and performance for modern APIs and web applications in 2026.