JWT Decoder
Decode and inspect JSON Web Tokens (JWT). View the header, payload, and signature parts of your token. Check expiration and other claims.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS).
JWT Structure
A JWT consists of three parts separated by dots (.):
- Header: Contains the token type (JWT) and the signing algorithm (e.g., HS256, RS256)
- Payload: Contains the claims - statements about the user and additional metadata
- Signature: Used to verify the token hasn't been tampered with
Common JWT Claims
- iss (Issuer): Who issued the token
- sub (Subject): Who the token represents
- aud (Audience): Who the token is intended for
- exp (Expiration): When the token expires
- iat (Issued At): When the token was issued
- nbf (Not Before): When the token becomes valid
Security Note
This tool only decodes the JWT - it does not verify the signature. Never paste production tokens containing sensitive data into online tools. Signature verification requires the secret key and should be done server-side.