JWT Decoder
Decode and verify JSON Web Tokens; view the Header, Payload and Signature
What is JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties. A JWT consists of three parts separated by dots:
Header.Payload.Signature
Three Parts Explained
- Header: Contains the token type and signing algorithm, e.g. {"alg": "HS256", "typ": "JWT"}
- Payload: Contains the claims, which are user data and metadata
- Signature: Used to verify that the message was not tampered with during transmission
Standard Claims
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Token issuer |
| sub | Subject | Token subject, usually the user ID |
| aud | Audience | Token audience |
| exp | Expiration Time | Expiration time (Unix timestamp) |
| nbf | Not Before | Time before which the token is not valid |
| iat | Issued At | Time at which the token was issued |
| jti | JWT ID | Unique token identifier |
How to Use
- Paste a JWT into the input box; the tool automatically parses it and displays the Header and Payload content
- Click a colored tag to copy the corresponding Base64-encoded part
- Enter the secret in the signature verification area to check whether the signature is correct (HS256/HS384/HS512 algorithms are supported)
- The key information area shows decoded values for common claims; expiration status is color-coded
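The decode, signature check and expiration check described above can be reproduced offline. This is an added example in Python, not the tool's own code; the function names, the secret and the claims are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    # JWT parts are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(header, payload, secret):
    # Builds a constructed token for the demo; not a real credential.
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret, signing_input.encode(), HASHES[header["alg"]]).digest()
    return signing_input + "." + b64url_encode(mac)

def inspect_jwt(token, secret, now=None):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected Header.Payload.Signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    # Only the HMAC algorithms are accepted; "none" or anything else never verifies.
    digest = HASHES.get(str(header.get("alg")))
    signature_valid = False
    if digest is not None:
        # The MAC covers the encoded header and payload exactly as received.
        expected = hmac.new(secret, (parts[0] + "." + parts[1]).encode(), digest).digest()
        signature_valid = hmac.compare_digest(expected, b64url_decode(parts[2]))
    now = time.time() if now is None else now
    # exp: now must be before it; nbf: now must be at or after it.
    time_valid = now < payload.get("exp", float("inf")) and now >= payload.get("nbf", 0)
    return {"header": header, "payload": payload,
            "signature_valid": signature_valid, "time_valid": time_valid}

if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    token = make_sample_token({"alg": "HS256", "typ": "JWT"},
                              {"sub": "user-1", "iat": 1000, "exp": 2000}, secret)
    print(inspect_jwt(token, secret, now=1500))
    head, body, sig = token.split(".")
    forged = ".".join([head, b64url_encode(b'{"sub":"admin","exp":2000}'), sig])
    print(inspect_jwt(forged, secret, now=1500)["signature_valid"])  # tampered payload
```

The payload is readable without the secret; the secret is needed only to tell whether the header and payload were altered.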
Security Tips
- This tool runs locally in your browser; the token is never sent to any server
- A JWT is only encoded and signed, not encrypted; anyone can decode and view its content
- Do not store sensitive information (such as passwords or credit card numbers) in a JWT
- Always use HTTPS to transmit JWTs in production environments