JWT Decoder
Decode JSON Web Tokens (JWT) to inspect their header, payload, and signature with ease.
Security
What is a JWT Decoder?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed. A JWT Decoder parses the three distinct parts of a JWT (Header, Payload, and Signature) separated by dots (.) and decodes the Base64Url representation into readable JSON.
How to use the JWT Decoder
- Paste your JWT into the input token field.
- The tool will instantly split and decode the token:
- Header: Contains metadata about the type of token and cryptographic algorithm used.
- Payload: Contains the actual claims (user information, permissions, token expiration, etc.).
- Signature: The cryptographic signature verifying the token source.
- If any standard timestamp fields are present (e.g.
expfor expiration,iatfor issued at,nbffor not before), they will be translated into human-readable local times. - Optionally verify the signature of HS256 tokens by entering the HMAC secret key.
- Use the copy button on any section to copy the JSON structure.
Example Token
Here is a standard HS256 JWT (with secret “secret”):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTM0NTYAwMH0.u2Gg3lK1s4N3yL9U9V3-5tQ5hS1N2_U24h8z0J81X1Y