JWT Decoder
Decode and inspect JSON Web Tokens (JWT). View header, payload, and expiration status. Runs entirely in your browser.
What is a JWT?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and authorization in modern web applications.
JWT Structure
A JWT consists of three parts separated by dots (.):
- Header: Contains the token type (JWT) and the signing algorithm (e.g., HS256, RS256).
- Payload: Contains claims - statements about the user and additional metadata.
- Signature: Used to verify that the message wasn't changed along the way.
Common JWT Claims
- iss (Issuer): The entity that issued the token.
- sub (Subject): The subject of the token (usually the user ID).
- aud (Audience): The recipients the token is intended for.
- exp (Expiration Time): When the token expires.
- iat (Issued At): When the token was issued.
- nbf (Not Before): The token is not valid before this time.
Privacy First
This JWT decoder runs 100% in your browser. Your tokens are never sent to any server. This is crucial for security since JWTs often contain sensitive user information. You can safely decode production tokens without worrying about data leaks.