Regex for JWT Token
Validates JSON Web Token format: three Base64url-encoded segments separated by dots.
Pattern
/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/ Live Tester
Enter a string to test
Examples
✓ eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U
✓ abc.def.ghi
✓ header_1.payload-2.signature_3
✗ abc.def
✗ abc.def.ghi.jkl
✗ abc def.ghi.jkl
Pattern Breakdown
^[A-Za-z0-9_-]+ — Base64url-encoded header
\.[A-Za-z0-9_-]+ — dot + Base64url-encoded payload
\.[A-Za-z0-9_-]+$ — dot + Base64url-encoded signature
Code Snippets
Javascript
const regex = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
regex.test("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.rq8ssgv0jX0Hz"); // truePython
import re
pattern = r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$"
bool(re.match(pattern, "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.rq8ssgv0jX0Hz")) # TruePhp
$pattern = '/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/';
preg_match($pattern, "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.rq8ssgv0jX0Hz"); // 1Related Patterns
Email Address /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/ URL /^https?:\/\/(www\.)?[a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([a-zA-Z0-9()@:%_+.~#?&/=-]*)$/ Phone Number (International) /^\+?[1-9]\d{1,14}$/ Phone Number (US) /^\(?[2-9]\d{2}\)?[-.\s]?\d{3}[-.\s]?\d{4}$/ Phone Number (EU) /^\+?[1-9][0-9]{0,3}[\s.-]?\(?[0-9]{1,5}\)?[\s.-]?[0-9]{1,5}[\s.-]?[0-9]{1,5}$/ IPv4 Address /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$/
Frequently Asked Questions
What is the regex for JWT Token?▾
The regex pattern for JWT Token is /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/. Validates JSON Web Token format: three Base64url-encoded segments separated by dots.
How do I use the JWT Token regex in JavaScript?▾
In JavaScript you create the pattern with a regex literal or the RegExp constructor and call .test() to check a string against it. A ready-to-copy example is shown in the Code Snippets section above, alongside Python and PHP versions.
What does the JWT Token pattern match?▾
It matches strings like eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U; it rejects strings like abc.def. See the Examples section above for the full list of matching and non-matching cases.