JWT Decoder
Decode and inspect JSON Web Token header, payload, and signature
This tool only decodes the token — it does NOT verify the signature. Never expose real credentials.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used to represent claims securely between parties. A JWT consists of three Base64URL-encoded parts separated by dots (.):
- Header — Contains the token type and signing algorithm (e.g.
HS256,RS256). - Payload — Contains the claims: registered (like
sub,exp,iat), public, or private claims. - Signature — A cryptographic signature used to verify the token was not tampered with. This tool displays but does NOT verify it.
Common Payload Claims
sub— Subject (user ID)iat— Issued at (Unix timestamp)exp— Expiration time (Unix timestamp)iss— Issueraud— Audience