JWT Decoder
Decode JSON Web Tokens to inspect the header, payload, and signature. Tokens are decoded entirely in your browser.
Frequently Asked Questions
What is a JWT?
A JSON Web Token is a compact, URL-safe token format used to transmit claims between two parties. It is made of three Base64URL-encoded parts separated by dots: header, payload, and signature.
Does this tool verify JWT signatures?
No. This tool only decodes the token to display its contents. Verifying a signature requires the signing secret or public key and must be performed on a trusted backend.
Is it safe to paste tokens here?
Yes — decoding is done entirely in your browser. Your token is never sent over the network. Still, avoid pasting real production tokens into any third-party tool when you can avoid it.
What do iat, exp, and sub mean?
iat is "issued at" (Unix timestamp when the token was created). exp is the expiration timestamp. sub is the subject — typically a user identifier.
Can I edit a JWT without breaking it?
No. Any change to the header or payload invalidates the signature. A properly configured server will reject any modified token.
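The token structure, the iat/exp/sub claims, and the decode-versus-verify distinction from the answers above, as an added JavaScript example (not this tool's own code). The function names and the sample token are constructed for illustration; the decoder never checks the signature, so an edited token still decodes.

```javascript
// Decode one Base64URL segment to a UTF-8 string (browsers and Node 16+).
function b64urlToText(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("not Base64URL");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Inverse helper, used only to build the constructed sample token below.
function textToB64url(text) {
  const bytes = new TextEncoder().encode(text);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Split and decode a JWT. Nothing here checks the signature, so the result
// is untrusted display data, never an authorization decision.
function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [h, p, signature] = parts;
  const header = JSON.parse(b64urlToText(h));
  const payload = JSON.parse(b64urlToText(p));
  const toIso = (t) => (Number.isFinite(t) ? new Date(t * 1000).toISOString() : null);
  return {
    header, payload, signature,
    signingInput: `${h}.${p}`, // the bytes the signature was computed over
    issuedAt: toIso(payload.iat),
    expiresAt: toIso(payload.exp),
    expired: Number.isFinite(payload.exp) ? nowSeconds >= payload.exp : null,
    signatureVerified: false,
  };
}

// Constructed sample: claims and signature bytes are made up for this example.
const SAMPLE_HEADER = textToB64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
const SAMPLE_PAYLOAD = textToB64url(JSON.stringify({ sub: "user-123", iat: 1700000000, exp: 1700003600 }));
const SAMPLE_TOKEN = `${SAMPLE_HEADER}.${SAMPLE_PAYLOAD}.c2lnbmF0dXJlLXBsYWNlaG9sZGVy`;

// Editing the payload changes the signing input while the old signature stays
// attached: the token still decodes, which is why decoded claims prove nothing.
function withEditedSub(token, newSub) {
  const [h, p, s] = token.split(".");
  const claims = { ...JSON.parse(b64urlToText(p)), sub: newSub };
  return `${h}.${textToB64url(JSON.stringify(claims))}.${s}`;
}
```

Comparing `signingInput` before and after `withEditedSub` shows what a verifying server detects: the signature segment is unchanged but no longer matches the bytes it is supposed to cover.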