JWT Decoder

Decode and inspect JSON Web Tokens (JWT). View header, payload, and signature. Check token expiration.

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and authorization in web applications.

JWT Structure:

xxxxx.yyyyy.zzzzz

Header

Contains the token type (JWT) and signing algorithm (HS256, RS256, etc.)

Payload

Contains claims - statements about the user and additional metadata

Signature

Lets the recipient verify that the token hasn't been tampered with, using a secret key (HS256) or a public key (RS256)

Standard Claims:
  • iss (Issuer) - Who issued the token
  • sub (Subject) - Who the token is about
  • exp (Expiration) - When the token expires
  • iat (Issued At) - When the token was created

Frequently Asked Questions

Yes! Decoding happens entirely in your browser. Your tokens are never sent to any server. However, remember that JWT payloads are only Base64URL-encoded, not encrypted - anyone with the token can read its contents.

Signature verification requires the secret key (for HS256) or public key (for RS256). Since we don't have access to your keys, we can only decode and display the token contents, not verify its authenticity.

The exp claim specifies when the token expires. If the current time is past this timestamp, the token is considered expired and should be rejected by the server. You'll need to obtain a new token.