JWT Decoder
Decode and inspect JSON Web Tokens
How to Use
- 1Paste your JWT token into the input panel
- 2View the decoded header and payload
- 3Check token expiration status
- 4Copy decoded data as needed
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way of representing claims between two parties. JWTs are commonly used for authentication and authorization in web applications. They consist of three parts separated by dots: header, payload, and signature.
The header specifies the algorithm used to sign the token. The payload contains the claims (data) such as user ID, roles, and expiration time. The signature ensures the token hasn't been tampered with.
Common JWT Claims
issIssuer β Who issued the tokensubSubject β Who the token is about (usually user ID)expExpiration β When the token expires (Unix timestamp)iatIssued At β When the token was issuedaudAudience β Intended recipient of the tokenFAQ
Is my JWT safe to paste here?
Yes. This tool runs entirely in your browser. Your JWT is never sent to any server. However, never share JWTs publicly as they may contain sensitive information.
Does this verify the signature?
No. Signature verification requires the secret key, which should never be exposed client-side. This tool only decodes the token to show its contents.
Why is my token showing as expired?
The tool compares the `exp` claim against your current local time. If the expiration timestamp is in the past, the token is considered expired.