JWT Decoder

Paste any JSON Web Token to instantly decode its header, payload and claims. 100% client-side - your token never leaves your browser.

How to use

  1. Paste your JWT into the input area.
  2. The decoder splits it into header, payload, and signature instantly.
  3. Hover over claim names like exp or iat to see human-readable timestamps.
  4. Spot the algorithm (alg) in the header to know how the signature should be verified.
  5. Copy any section as JSON for use in your own debugging.

Frequently asked questions

Does this verify the JWT signature?

No. Signature verification requires the issuer's secret or public key, which should never be pasted into a third-party tool. The decoder only reads and pretty-prints the three Base64URL segments, so treat every decoded claim as unverified.

Is the token uploaded to a server?

No. All decoding happens locally in your browser. JWTs frequently contain sensitive claims, so keeping the data on-device is a deliberate choice.

Why is my JWT considered invalid?

A JWT must have exactly three Base64URL-encoded segments separated by dots. Whitespace, accidental newlines, or missing parts will trigger the invalid-format warning.

What do exp and iat mean?

exp is the expiration time and iat is issued-at, both as Unix timestamps in seconds. The decoder converts them to your local time automatically.
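
The format check and timestamp conversion described in the answers above, as an added example (not this site's own code). The function names, the warnings list and the sample token are assumptions made for illustration, and times are shown in UTC rather than local time.

```javascript
// Added example: decode (never verify) a compact JWT. All names are illustrative.
const B64URL = /^[A-Za-z0-9_-]*$/;

function segmentToJson(segment, name) {
  if (!segment || !B64URL.test(segment)) {
    throw new Error(`invalid-format: ${name} is not Base64URL`);
  }
  // Base64URL -> Base64: swap the URL-safe alphabet and restore '=' padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  const obj = JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
  if (obj === null || typeof obj !== "object") {
    throw new Error(`invalid-format: ${name} is not a JSON object`);
  }
  return obj;
}

function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("invalid-format: expected exactly three dot-separated segments");
  }
  if (!B64URL.test(parts[2])) throw new Error("invalid-format: signature is not Base64URL");
  const header = segmentToJson(parts[0], "header");
  const payload = segmentToJson(parts[1], "payload");
  // exp / iat / nbf are Unix seconds; Date expects milliseconds.
  const times = {};
  for (const claim of ["exp", "iat", "nbf"]) {
    const v = payload[claim];
    if (Number.isFinite(v) && Math.abs(v) <= 8.64e12) {
      times[claim] = new Date(v * 1000).toISOString();
    }
  }
  const warnings = [];
  if (String(header.alg).toLowerCase() === "none") warnings.push("alg is none: token is unsigned");
  if (Number.isFinite(payload.exp) && nowSeconds >= payload.exp) warnings.push("token is expired");
  // Nothing here checks the signature, so every claim is untrusted input.
  return { header, payload, signature: parts[2], times, warnings, verified: false };
}

// Constructed sample token; the signature segment is a placeholder, not a real MAC.
const enc = (obj) => btoa(JSON.stringify(obj))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE = [enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "user-123", iat: 1700000000, exp: 1700003600 }), "c2lnbmF0dXJl"].join(".");
console.log(decodeJwt(SAMPLE, 1700000500));
```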
