JWT Decoder
Decode and inspect JSON Web Tokens (JWT). View header, payload claims and verify signature if you have the secret or public key.
Decoded JWT
JWT Structure: [Header].[Payload].[Signature]
Header (Algorithm & Token Type)
Payload (Claims)
Signature
Paste a JWT and click "Decode JWT" to see results here
About JWT
JWT (JSON Web Token) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
JWT Structure
A JWT is composed of three parts separated by dots (.):
- Header - Specifies the algorithm used for signing
- Payload - Contains the claims (data)
- Signature - Used to verify the token's integrity
Common JWT Claims
- iss - Issuer of the token
- sub - Subject of the token
- aud - Audience of the token
- exp - Expiration time (timestamp)
- nbf - Not before time (timestamp)
- iat - Issued at time (timestamp)
- jti - JWT ID (unique identifier)
Security Note
Decoding a JWT does not require a secret or key. It only verifies the structure of the token. To verify that the token hasn't been tampered with, you need to verify the signature using the appropriate secret or public key.