JWT Decoder
Paste a JSON Web Token to decode and inspect its header and payload claims.
⚠ Privacy Notice: Decoding happens entirely in your browser. Your token is never sent to any server.
About JWT Tokens
JSON Web Tokens (JWT) are an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. They are commonly used for authentication and authorization in web applications.
JWT Structure
- Header — Contains the token type and the signing algorithm (e.g., HS256, RS256)
- Payload — Contains the claims (user data, expiration, issuer, etc.)
- Signature — Used to verify the token hasn't been tampered with (requires the secret key)
Common JWT Claims
iss— Issuer: who created the tokensub— Subject: who the token is aboutexp— Expiration time (Unix timestamp)iat— Issued at timeaud— Audience: intended recipient
Note: This tool only decodes the header and payload. It does not verify the signature, as that requires the secret key.