JWT Decoder
Decode and inspect JSON Web Tokens — header, payload, and expiry at a glance.
Advertisement
..
Header
Payload
Signature
Signature verification requires the secret key and cannot be performed client-side securely. The token structure and claims above are decoded from the token itself without verification.
Advertisement
About JWT Tokens
- A JWT consists of three Base64URL-encoded parts: Header, Payload, and Signature, separated by dots.
- The header declares the token type and signing algorithm (e.g. HS256, RS256).
- The payload contains claims — registered (
sub,iat,exp,nbf) and custom ones. - The signature verifies the token's integrity — validation requires the secret key on your server.
- This tool decodes entirely in your browser. No token data is sent anywhere.