JWT Decoder
Decode and visualize JWT tokens (JSON Web Token). View the header, payload, and verify expiration.
⚠ Signature is displayed only, not verified.
Reference
JSON Web Tokens (JWT)
A JWT (JSON Web Token) is a compact, URL-safe token format defined in RFC 7519. It consists of three base64url-encoded parts separated by dots: header.payload.signature. JWTs are widely used for authentication and information exchange between parties.
Structure
Header — a JSON object containing the token type (typ) and the signing algorithm (alg), e.g. HS256 or RS256. Payload — a JSON object containing claims: registered claims like iss (issuer), sub (subject), exp (expiration time), iat (issued at); and custom application claims. Signature — the result of signing the encoded header and payload with a secret or private key. It ensures the token has not been tampered with.
⚠ Security Note
Decoding is not the same as verifying. This tool decodes the token and displays its contents, but it does not verify the signature. Anyone can create a JWT with arbitrary claims. Never trust JWT claims without verifying the signature server-side using the appropriate secret or public key. Use a library like jsonwebtoken (Node.js) or PyJWT (Python) in production.
Privacy
All decoding runs 100% in your browser. No data is sent to a server.