JWT Decoder
Decode JSON Web Tokens to inspect header, payload, and claims. Detects expiration and common issues.
JWT Token
Header (Algorithm & Token Type)
—
Payload (Claims & Data)
—
Signature
—
Token Info
—
Understanding JWT Structure
A JSON Web Token consists of three Base64URL-encoded parts separated by dots: header.payload.signature
| Part | Contains | Common Fields |
|---|---|---|
| Header | Algorithm & token type | alg, typ |
| Payload | Claims (data) | iss, sub, aud, exp, nbf, iat, jti |
| Signature | Verification hash | HMAC-SHA256, RSA, ECDSA |
Common Claims:
iss— Issuer: who issued the tokensub— Subject: who the token is aboutaud— Audience: intended recipientexp— Expiration: when the token expires (Unix timestamp)iat— Issued At: when the token was created (Unix timestamp)nbf— Not Before: when the token becomes valid
Security Note: This tool only decodes JWTs — it does not verify signatures. Anyone can create a JWT with any claims. Always verify the signature server-side using your secret key before trusting claims.