Securityflags: g

JWT Token

Match JSON Web Tokens (JWTs) — three base64url-encoded segments separated by dots.

Try it in RegexPro

Pattern

regexJavaScript
/eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+/g

Raw source: eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+

How it works

Both header and payload segments start with eyJ (base64 of '{"'), followed by base64url chars, joined by dots and followed by the signature segment.

Examples

Input

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.abc123-_

Matches

  • eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.abc123-_

Input

Bearer token-here

No match

Common use cases

  • Detecting JWTs in log files for redaction
  • Extracting tokens from Authorization headers
  • Secret scanning in source code
  • Request tracing and debugging
PreviousISO 8601 Date-Time
All patterns
NextGeneric API Key