JWT Decoder
Paste a JSON Web Token to instantly decode and inspect its header, payload claims, expiration status, and signature. All processing happens in your browser — no data is sent to any server.
Frequently Asked Questions
What is a JSON Web Token (JWT)?
A JWT is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. It consists of three parts: a header (algorithm and type), a payload (claims/data), and a signature. JWTs are commonly used for authentication and authorization in web applications.
Can this tool verify JWT signatures?
No. This tool decodes and inspects the contents of a JWT but does not verify its signature. Signature verification requires the signing secret or public key, which should only be handled server-side. Never paste production tokens with sensitive data into online tools.
What do the standard claims mean?
iss (issuer) identifies who created the token. sub (subject) identifies the user. exp (expiration) is when the token expires. iat (issued at) is when it was created. aud (audience) specifies the intended recipient. These are registered claims defined in RFC 7519.
Is my token data safe?
Yes. All decoding happens entirely in your browser using JavaScript. No data is sent to any server. However, as a best practice, avoid pasting production tokens containing sensitive information into any online tool.