JWT Decoder

Decode JSON Web Tokens instantly to view their header, payload, and signature.

Enter JWT Token

Everything You Need to Know About JWT Decoding

What is a JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

How JWTs are Structured

A JWT consists of three parts separated by dots (.):

Header: Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data.
Signature: Used to verify the message hasn't been changed along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.

Common JWT Claims

Claim	Name	Description
`iss`	Issuer	Identifies the principal that issued the JWT.
`sub`	Subject	Identifies the principal that is the subject of the JWT.
`aud`	Audience	Identifies the recipients that the JWT is intended for.
`exp`	Expiration Time	Identifies the expiration time on or after which the JWT must not be accepted.
`iat`	Issued At	Identifies the time at which the JWT was issued.

Why Use This Tool?

100% Secure: Decoding happens client-side. Your tokens never leave your browser.
Instant Results: No waiting for server requests. Paste and view immediately.
Developer Friendly: Formatted JSON output makes debugging easy.

Frequently Asked Questions

Yes. This tool runs entirely in your browser using JavaScript. No data is sent to any server.

You can modify the decoded payload JSON, but since you cannot generate a valid signature without the secret key, the token will be invalid if used against a server verifying the signature.