JWT Decoder
Decode and inspect JSON Web Tokens (JWT) instantly.
What is JWT Decoder?
A JWT (JSON Web Token) is a compact, URL-safe means of representing claims between two parties. It consists of three Base64-encoded parts separated by dots: Header, Payload, and Signature. JWTs are commonly used for authentication, authorization, and information exchange in web applications and APIs.
How to Use This Tool
- Paste your JWT token in the input field
- The token is automatically decoded as you paste
- View the decoded header and payload in JSON format
- Check token expiration and other claims
Common Use Cases
- Debugging authentication issues in web applications
- Inspecting token claims and permissions
- Verifying token expiration before API calls
- Understanding OAuth2 and OpenID Connect tokens
Frequently Asked Questions
Is it safe to decode JWTs online?
Yes, this decoder runs entirely in your browser. Your token is never sent to any server. However, remember that JWTs are only encoded (not encrypted), so anyone with the token can read its contents. Never share tokens containing sensitive data.
Can this tool verify JWT signatures?
This tool decodes and displays JWT contents but doesn't verify signatures as that requires the secret key or public key. For signature verification, you need the appropriate cryptographic key used to sign the token.
What do the 'exp', 'iat', and 'nbf' claims mean?
'exp' is the expiration time (when the token expires), 'iat' is the issued-at time (when it was created), and 'nbf' is the not-before time (when it becomes valid). All are Unix timestamps.