JWT Decoder
Decode and inspect JSON Web Tokens (JWT) to view header, payload, and signature
1. What is a JWT?
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three parts: Header, Payload, and Signature, separated by dots (.).
2. How does it work?
JWT Structure
- Header: Contains the token type (JWT) and the signing algorithm (e.g., HS256, RS256)
- Payload: Contains the claims - statements about an entity and additional data
- Signature: Used to verify the token hasn't been tampered with
Common Claims
- iss: Issuer of the token
- sub: Subject (user identifier)
- aud: Audience (intended recipient)
- exp: Expiration time
- iat: Issued at time
- nbf: Not before time
Security Note
This tool only decodes the JWT - it does NOT verify the signature. JWTs are not encrypted, only base64url encoded, so never put sensitive data in them. Always verify JWTs server-side.
3. Examples
Example JWT structure
header.payload.signature → Three base64url-encoded parts separated by dots
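The difference between decoding and verifying described in the Security Note, as an added example (not this tool's own code). The key, timestamps, claim values and helper names are constructed for the demonstration, and only HS256 is handled.

```python
import base64, hashlib, hmac, json

def b64url_decode(part: str) -> bytes:
    # JWT parts drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_unverified(token: str):
    """What a decoder tool does: readable output, no proof of authenticity."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def sign_hs256(claims: dict, key: bytes) -> str:
    # Builds the constructed sample token used below.
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, key: bytes, now: int) -> dict:
    """Server-side check: pinned algorithm, then signature, then exp/nbf."""
    header, payload = decode_unverified(token)
    if header.get("alg") != "HS256":  # do not let the token choose the algorithm
        raise ValueError("unexpected alg")
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    if "nbf" in payload and now < payload["nbf"]:
        raise ValueError("token not yet valid")
    return payload

def with_changed_sub(token: str, new_sub: str) -> str:
    # Re-encode an edited payload but keep the old signature.
    head, body, sig = token.split(".")
    claims = dict(json.loads(b64url_decode(body)), sub=new_sub)
    return ".".join([head, b64url_encode(json.dumps(claims).encode()), sig])

KEY = b"constructed-demo-key"   # constructed sample value
NOW = 1_700_000_000             # constructed "current time"
TOKEN = sign_hs256({"iss": "example-issuer", "sub": "user-1", "iat": NOW, "exp": NOW + 300}, KEY)
EDITED = with_changed_sub(TOKEN, "admin")
```

decode_unverified(EDITED) returns the edited claims without complaint, while verify_hs256(EDITED, KEY, NOW) raises "bad signature"; that gap is why decoded output must never be treated as trusted.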