JWT Decoder

Decode JSON Web Tokens (JWT) to inspect their header, payload, and signature with ease.

Security

What is a JWT Decoder?

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed. A JWT Decoder parses the three distinct parts of a JWT (Header, Payload, and Signature) separated by dots (.) and decodes the Base64Url representation into readable JSON.

How to use the JWT Decoder

  1. Paste your JWT into the input token field.
  2. The tool will instantly split and decode the token:
    • Header: Contains metadata about the type of token and cryptographic algorithm used.
    • Payload: Contains the actual claims (user information, permissions, token expiration, etc.).
    • Signature: The cryptographic signature verifying the token source.
  3. If any standard timestamp fields are present (e.g. exp for expiration, iat for issued at, nbf for not before), they will be translated into human-readable local times.
  4. Optionally verify the signature of HS256 tokens by entering the HMAC secret key.
  5. Use the copy button on any section to copy the JSON structure.

Example Token

Here is a standard HS256 JWT (with secret “secret”):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTM0NTYAwMH0.u2Gg3lK1s4N3yL9U9V3-5tQ5hS1N2_U24h8z0J81X1Y

Contribute

Find a bug or want to suggest an improvement to this tool?