JWT Decoder

About JWT Decoder

Our JWT Decoder helps developers quickly decode and inspect JSON Web Tokens (JWT). View the header, payload, and understand claims without installing external libraries.

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a compact, self-contained JSON object. JWTs are commonly used for authentication and data exchange in web applications.

JWT Structure

• Header: Contains the token type (JWT) and signing algorithm (e.g., HS256, RS256).
• Payload: Contains claims—statements about the user and additional data (e.g., user ID, expiration).
• Signature: Used to verify the token hasn't been tampered with (not decoded by this tool).

Common Claims

• iss (issuer): Who issued the token.
• sub (subject): Who the token is about (usually the user ID).
• aud (audience): Intended recipients of the token.
• exp (expiration): When the token expires (Unix timestamp).
• iat (issued at): When the token was issued (Unix timestamp).
• nbf (not before): When the token becomes valid (Unix timestamp).

How to Use the JWT Decoder

• Paste Token: Copy your JWT and paste it into the input field.
• Auto Decode: The token is automatically decoded as you type.
• Manual Decode: Click "Decode Token" to decode manually.
• Inspect: Review the decoded data, claims, and expiration status.

Important Notes

• This tool only decodes JWTs—it does not verify signatures.
• Never paste sensitive production tokens into online tools you don’t trust.
• JWT decoding is fully client-side; nothing is sent to any server.
• Expired tokens can still be decoded to view their contents.

Privacy & Security

All JWT decoding happens entirely in your browser using JavaScript. Tokens are not sent to any server, stored, or logged. Your tokens remain completely private and secure.