JWT Decoder
Decode and inspect JSON Web Tokens instantly. Everything runs in your browser — no data is ever sent to a server.
Need this as an API?
Use the TextForge API to decode JWTs programmatically. Free tier includes 50 requests/day.
What is a JSON Web Token (JWT)?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. JWTs are commonly used for authentication and information exchange in web applications, APIs, and microservices architectures.
JWT Structure
Every JWT consists of three Base64URL-encoded parts, separated by dots:
- Header - Contains the token type (typically "JWT") and the signing algorithm (e.g., HS256, RS256).
- Payload - Contains the claims, which are statements about the user and additional metadata. Common claims include
sub(subject),iat(issued at),exp(expiration), andnbf(not before). - Signature - Created by signing the encoded header and payload with a secret key. Used to verify the token has not been tampered with.
How This JWT Decoder Works
This tool decodes the header and payload portions of a JWT by Base64URL-decoding each part and parsing the resulting JSON. It runs entirely in your browser using JavaScript, so your tokens never leave your device. The tool also checks standard time-based claims (exp, iat, nbf) and displays their human-readable timestamps.
Common JWT Claims
- iss (Issuer) - Who issued the token
- sub (Subject) - The user or entity the token represents
- aud (Audience) - Intended recipient of the token
- exp (Expiration) - When the token expires
- nbf (Not Before) - Token is not valid before this time
- iat (Issued At) - When the token was created
- jti (JWT ID) - Unique identifier for the token