News

🔐 JWT Decoder

Decode, inspect, and validate JSON Web Tokens instantly.

Input Token

About the JWT Decoder

A JSON Web Token (JWT) is a compact, URL-safe token format used to securely transmit claims between two parties. JWTs are widely used for authentication and authorization in web applications, REST APIs, and microservices. A token consists of three Base64URL-encoded parts separated by dots: header.payload.signature.

The three parts of a JWT

  • Header — declares the token type (JWT) and the signing algorithm, such as HS256 (HMAC-SHA256) or RS256 (RSA-SHA256).
  • Payload — contains the claims: user identity (sub), expiry time (exp), issued-at time (iat), audience (aud), and any custom application fields.
  • Signature — verifies the token has not been tampered with. Computed by signing the encoded header and payload with a secret or private key.

Common use cases

  • Authentication — after login the server issues a JWT; the client attaches it to requests via Authorization: Bearer <token>.
  • OAuth 2.0 / OpenID Connect — JWTs are the standard format for access tokens and ID tokens in modern auth frameworks.
  • Microservices — services forward JWTs downstream to propagate user context without calling a central auth server on every request.
  • Debugging — quickly inspect claims to verify expiry, check roles, or diagnose authentication failures.

How to use this tool

Paste any JWT string into the input box and click Decode JWT. The tool splits the token into its three parts and displays the header and payload as formatted JSON. If the payload contains an exp claim, the tool automatically checks whether the token is still valid and shows an expiry warning if it has expired.

Privacy: This tool runs entirely in your browser. Tokens are never sent to any server.