JWT Decoder
Decode JWT tokens instantly. View header, payload, signature, and expiration status. Free, runs entirely in your browser. No data leaves your machine.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used to transmit claims between two parties. It consists of three Base64URL-encoded parts separated by dots: a header, a payload, and a signature.
The three parts
- Header contains metadata: the signing algorithm (e.g. HS256, RS256) and token type.
- Payload contains the claims: user data, expiration time, issuer, and any custom fields.
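- Signature is a cryptographic value computed over the header and payload with the signing key (an HMAC for HS256, a digital signature for RS256). It lets a party holding the right key verify that the token hasn't been tampered with. This decoder shows the signature but cannot verify it without the signing key.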
Common claims
- iss (issuer): who created the token
- sub (subject): who the token represents
- aud (audience): intended recipient
- exp (expiration): when the token expires (Unix timestamp)
- iat (issued at): when the token was created
- nbf (not before): token is not valid before this time
Frequently Asked Questions
Is this tool safe to use with real tokens? Yes. This decoder runs entirely in your browser. Your token is never sent to any server. You can verify this by disconnecting from the internet and using the tool offline.
Can this tool verify JWT signatures? No. Signature verification requires the signing key (secret or public key), which this tool does not ask for. This is a decoder and inspector only.
Why does my token show as expired? The expiration check compares the exp claim against your device's current time. If your system clock is wrong, the result may be inaccurate.