JWT Decoder

Decode and inspect JSON Web Tokens instantly.

Token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Issued: 1/18/2018, 1:30:22 AM

Signature

SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Algorithm: HS256 — Signature verification requires the secret/public key.

Frequently Asked Questions

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting claims between parties. A JWT consists of three Base64URL-encoded parts separated by dots: header, payload, and signature. The header specifies the signing algorithm, the payload contains claims like user ID, roles, and expiration time, and the signature verifies the token's integrity. Our free decoder parses all three parts instantly in your browser. Your tokens are never sent to any server.

When to Use a JWT Decoder

  • Debugging authentication issues by inspecting token claims and expiration
  • Verifying that a JWT contains the expected user roles and permissions
  • Checking token expiration time to diagnose session timeout problems
  • Understanding the signing algorithm and token structure during development
  • Inspecting tokens from OAuth providers, API gateways, or identity services

How It Works

Paste your JWT into the input field and the decoder instantly splits it into header, payload, and signature. Each part is decoded from Base64URL and displayed as formatted JSON. The expiration time is shown in human-readable format with a countdown. All decoding happens in your browser using standard JavaScript APIs.