Your data is never sent to a server or stored anywhere. All processing happens in your browser.

JWT Decoder

Sample JWTs Click to load a sample (signatures are not verified)
Header 
 
 
Payload     
 
 
Signature 
 
 
How to Use
 
 
Paste a JWT token into the input field. The tool instantly decodes and displays the header (algorithm and type), payload (claims and data), and signature. Expiry status is automatically checked against the current time.
 
What Is a JWT
 
 
A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three Base64URL-encoded parts separated by dots: header (algorithm metadata), payload (claims like user ID, expiry, issuer), and signature (cryptographic verification). JWTs are widely used in OAuth 2.0, OpenID Connect, and API authentication.
 
Standard JWT Claims
 
 
  • sub (Subject) — a unique identifier for the token's subject, typically a user ID
  • iss (Issuer) — identifies the server or service that issued the token
  • exp (Expiration Time) — the Unix timestamp after which the token is no longer valid
  • iat (Issued At) — the Unix timestamp when the token was created
  • nbf (Not Before) — the token must not be accepted before this Unix timestamp
  • aud (Audience) — the intended recipient service or application for the token
  • jti (JWT ID) — a unique identifier for the token, used to prevent token replay
 
Privacy & Security
 
 
All decoding happens entirely in your browser. Your token is never sent to a server, stored, or logged. Note: this tool only decodes tokens — it does not verify signatures. Never paste production tokens containing sensitive data into untrusted online tools.