JWT Decoder
Decode and inspect JSON Web Tokens instantly. View header, payload, and signature. 100% client-side.
A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. JWTs are widely used for authentication and authorization in modern web applications and APIs.
A JWT consists of three parts separated by dots: the header, the payload, and the signature. The header typically contains the token type (JWT) and the signing algorithm (like HS256 or RS256). The payload contains claims — statements about the user and additional metadata. Common claims include iss (issuer), sub (subject), aud (audience), exp (expiration time), and iat (issued at).
The signature is created by encoding the header and payload with Base64URL, concatenating them with a dot, and then signing with a secret key or private key. This ensures the token hasn't been tampered with.
This decoder runs entirely in your browser and does not verify signatures (that would require the signing key). It simply decodes and displays the header and payload for inspection.
Frequently Asked Questions
A JSON Web Token (JWT) is a compact token format consisting of three Base64URL-encoded parts: header, payload, and signature, separated by dots.
No. Signature verification requires the secret key or public key used to sign the token. This tool only decodes and displays the token contents.
Common claims include iss (issuer), sub (subject), aud (audience), exp (expiration time), iat (issued at time), and nbf (not before).