JWT Decoder

Decode JSON Web Tokens to inspect the header, payload, and claims. Your tokens stay in your browser — nothing is sent to any server.

 

About JSON Web Tokens

JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and information exchange. A JWT consists of three parts separated by dots: Header, Payload, and Signature.

Standard Claims

ClaimNameDescription
issIssuerWho created the token
subSubjectWho the token is about
audAudienceWho the token is intended for
expExpirationWhen the token expires
nbfNot BeforeWhen the token becomes valid
iatIssued AtWhen the token was created
jtiJWT IDUnique identifier for the token

Related Tools

Base64 Encoder

Hash Generator

JSON Formatter

Frequently Asked Questions

What is a JWT (JSON Web Token)?
A JWT is a compact, URL-safe token format used for authentication and information exchange. It consists of three parts: a header (algorithm info), a payload (claims/data), and a signature for verification.
Is it safe to decode JWTs in the browser?
Yes, decoding a JWT only reveals its contents — it doesn't validate or forge tokens. The signature verification requires the secret key, which this tool doesn't need. This tool runs entirely in your browser.
Do JWTs expire?
JWTs can include an 'exp' (expiration) claim that specifies when the token becomes invalid. This is set by the token issuer and is a Unix timestamp. Our decoder shows this expiration time in human-readable format.
Keyboard Shortcuts
Ctrl+Enter Run / Format
Ctrl+Shift+C Copy output
Ctrl+L Clear