JWT Decoder
Decode and inspect JSON Web Tokens. View header, payload, and signature.
Header
Payload
Signature
⚠️ Signature verification requires the secret key, which this tool doesn't have access to.
About JSON Web Tokens
JWT (JSON Web Token) is an open standard for securely transmitting information between parties as a JSON object. The token is digitally signed, so the recipient can verify the signature before trusting its contents.
JWT Structure
A JWT consists of three parts separated by dots:
- Header: Contains the token type and signing algorithm
- Payload: Contains the claims (user data, expiration, etc.)
- Signature: Verifies the token hasn't been tampered with
Common Claims
- iss: Issuer - who created the token
- sub: Subject - who the token is about
- aud: Audience - who the token is for
- exp: Expiration time
- iat: Issued at time
- nbf: Not before time
Security Note
JWTs are encoded, not encrypted. Anyone who obtains a token can decode and read its payload without any key. Never put sensitive data (passwords, secrets) in a JWT.
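The structure and the security note above, as an added Node.js example (not this tool's own code): it decodes a token without any key and reviews the time claims. The function names, the sample token, and the issuer and audience values are constructed for illustration.

```javascript
// Decoding needs no key: header and payload are only Base64URL-encoded JSON.
// Nothing in this example verifies the signature.
function b64urlToText(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("segment is not Base64URL");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function decodeJwt(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [h, p, signature] = parts;
  const header = JSON.parse(b64urlToText(h));
  const payload = JSON.parse(b64urlToText(p));
  for (const part of [header, payload])
    if (part === null || typeof part !== "object") throw new Error("segment is not a JSON object");
  return { header, payload, signature };
}

// Time claims are NumericDate values: seconds since the Unix epoch.
function inspectClaims(decoded, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { header, payload, signature } = decoded;
  const findings = [];
  if (signature === "" || String(header.alg).toLowerCase() === "none")
    findings.push("unsigned token: nothing protects it from tampering");
  if (typeof payload.exp !== "number") findings.push("no exp claim: token has no expiry");
  else if (nowSeconds >= payload.exp) findings.push("expired (exp)");
  if (typeof payload.nbf === "number" && nowSeconds < payload.nbf)
    findings.push("not yet valid (nbf)");
  if (typeof payload.iat === "number" && payload.iat > nowSeconds)
    findings.push("issued in the future (iat)");
  return findings;
}

// Constructed sample token; the third segment is a placeholder, not a real signature.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ iss: "https://issuer.example", sub: "user-123", aud: "api.example",
        iat: 1700000000, nbf: 1700000000, exp: 1700003600 }),
  "c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
].join(".");

const decoded = decodeJwt(sampleToken);
console.log(decoded.header, decoded.payload);
console.log(inspectClaims(decoded, 1700000100)); // inside the validity window
console.log(inspectClaims(decoded, 1700003600)); // at the exp timestamp
```

A clean result from inspectClaims says nothing about authenticity; a token is trustworthy only after its signature has been verified with the key.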