JWT Decoder
Security Notice: This tool only decodes the token. The signature is not verified. Do not use this tool for security decisions or to validate token authenticity.
Header
Decoded header will appear here...
Payload
Decoded payload will appear here...
Signature
Signature will appear here...
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting claims between parties. A JWT consists of three Base64url-encoded parts separated by dots: a header (algorithm and type), a payload (claims data), and a signature. This tool decodes the header and payload — it does not verify the signature.
Common Use Cases
- Inspecting Authentication Tokens — Decode JWTs from OAuth flows, API gateways, or identity providers to verify claims like subject, issuer, audience, and expiration time during development.
- Debugging Token Expiration — Check the
exp(expiration) andiat(issued at) claims to diagnose authentication failures. This tool shows timestamps as readable dates and indicates whether the token has expired. - Reviewing Token Permissions — Examine custom claims like roles, scopes, or permissions embedded in the JWT payload to verify that your authorization logic receives the correct data.