JWT Decoder

Decode and inspect JSON Web Tokens (JWT) to view header, payload, and signature

JWT Token

Paste your JWT token to decode

About JSON Web Tokens (JWT)

JSON Web Tokens are an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs consist of three parts:

  • Header: Contains metadata about the token (algorithm, type)
  • Payload: Contains claims (statements about the user and additional data)
  • Signature: Ensures the token hasn't been tampered with

Common Claims:

  • iss: Issuer of the token
  • sub: Subject (usually user ID)
  • aud: Audience (intended recipient)
  • exp: Expiration time (Unix timestamp)
  • iat: Issued at (Unix timestamp)
  • nbf: Not valid before (Unix timestamp)

Security Note: JWTs are signed, not encrypted. Don't include sensitive information in the payload unless encrypted separately. All decoding is performed locally in your browser.