JWT Decoder
Decode and analyze JSON Web Tokens
✓ Runs 100% in your browser — no data sent to serversFrequently Asked Questions
What is a JWT token?
JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three parts: header, payload, and signature, separated by dots. JWTs are commonly used for authentication and authorization in web applications.
How do I decode a JWT?
Simply paste your JWT token into the input field and click "Decode". The tool will split it into header, payload, and signature, then Base64-decode and display the JSON content of each part. The header contains metadata, and the payload contains your claims.
Why doesn't this tool verify signatures?
JWT signature verification requires the secret key or public key, which should never be exposed in a client-side tool. This decoder shows you the token contents, but you should verify signatures server-side where keys can be kept secure.
What are JWT claims?
Claims are statements about an entity (typically the user) and additional metadata. Standard claims include 'iss' (issuer), 'sub' (subject), 'exp' (expiration time), 'iat' (issued at), and 'aud' (audience). Custom claims can contain any data you need.
How do I check if my JWT is expired?
This tool automatically checks the 'exp' claim in your JWT payload and displays whether the token is valid or expired. The expiry status appears as a badge next to the decoded output.
Is it safe to paste my JWT here?
Yes, this tool runs entirely in your browser. Your JWT never leaves your device or gets sent to any server. However, be cautious about sharing JWTs as they may contain sensitive information and can be used to authenticate as you.