JWT Decoder
Decode and inspect JSON Web Tokens (JWT)
JWT Token
Paste your JWT token to decode
About JWT
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three parts:
1. Header
Contains the token type (JWT) and signing algorithm (e.g., HMAC SHA256, RSA)
2. Payload
Contains claims (statements about the user and additional metadata)
3. Signature
Used to verify the token hasn't been tampered with
Common JWT Claims
iss (Issuer): Who issued the token
sub (Subject): User identifier
aud (Audience): Who the token is intended for
exp (Expiration): When the token expires
nbf (Not Before): Token not valid before this time
iat (Issued At): When the token was issued
jti (JWT ID): Unique token identifier
⚠️
Security Notice
This tool only decodes JWT tokens - it does NOT verify the signature. A decoded token does not mean it's valid or trustworthy.
- Never trust decoded JWT data without proper signature verification
- Always validate JWTs on your backend before trusting the claims
- This tool is for development and debugging purposes only
- Your tokens are processed locally and never sent to any server