JWT Decoder

Decode JWT tokens to inspect header and payload claims.

About this JWT Decoder

The JWT Decoder is a free online tool for decoding JSON Web Tokens to inspect their header and payload contents. JWT is an open standard for securely transmitting information between parties as a JSON object, widely used for authentication, authorization, and single sign-on (SSO) systems. This JWT token decoder shows you the decoded header and payload claims so you can check token contents, debug authentication issues, and understand the claims structure without installing any software.

How to use the JWT Decoder

  1. Copy your complete JWT token (the full three-part string starting with "eyJ...").
  2. Paste the JWT token into the JWT Token input field.
  3. Click the Run button to decode the token instantly.
  4. Review the decoded header and payload displayed as formatted JSON in the output area.

Frequently Asked Questions

What is a JWT token?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three parts separated by dots: a header (token type and algorithm), a payload (claims), and a signature. The header and payload are JSON encoded with Base64url, the URL-safe variant of Base64.
Does this tool verify the JWT signature?
No, this JWT decoder only decodes the header and payload sections of the token. It does not validate the cryptographic signature. To verify a token's authenticity, you need the signing secret or public key and a proper JWT verification library.
Is it safe to decode tokens here?
Yes, all decoding happens in your browser using JavaScript. The token data is never sent to any server. However, you should never share your JWT tokens with anyone, as they may contain sensitive information like user IDs or permissions.
What information can I find in a JWT payload?
A JWT payload typically contains claims like "sub" (subject/user ID), "iat" (issued at timestamp), "exp" (expiration timestamp), "iss" (issuer), and custom claims like roles, permissions, or email addresses. The exact claims depend on the authentication system that issued the token.
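
The decoding described in the answers above can be reproduced locally. This is an added example, not this tool's own code: it splits a token, decodes the Base64url header and payload, and reports whether "exp" has passed, without verifying the signature. The function names, the sample claims and the `issuer.example` URL are assumptions made up for the illustration.

```javascript
// Decode one base64url segment (URL-safe alphabet, padding stripped) into a JSON object.
function decodeSegment(segment, name) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error(`${name}: not base64url`);
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  let value;
  try {
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    value = JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
  } catch (err) {
    throw new Error(`${name}: cannot decode as UTF-8 JSON`);
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error(`${name}: not a JSON object`);
  }
  return value;
}

// Split a compact JWT and decode header and payload. Nothing here checks the
// signature, so the returned claims are untrusted until a JWT library verifies them.
function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) {
    throw new Error("expected header.payload.signature");
  }
  const header = decodeSegment(parts[0], "header");
  const payload = decodeSegment(parts[1], "payload");
  // "exp" is seconds since the Unix epoch; null means the claim is absent.
  const expired = typeof payload.exp === "number" ? nowSeconds >= payload.exp : null;
  return { header, payload, expired, signatureVerified: false };
}

// Constructed sample token (not from the page); the third part is a placeholder, not a real signature.
function sampleToken() {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const header = { alg: "HS256", typ: "JWT" };
  const payload = { sub: "user-123", iss: "https://issuer.example", iat: 1700000000, exp: 1700003600 };
  return `${enc(header)}.${enc(payload)}.placeholder-signature`;
}

console.log(JSON.stringify(decodeJwt(sampleToken(), 1700000100), null, 2));
```

The placeholder signature decodes without complaint, which is why decoded claims should only be used for inspection and debugging.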