JWT Decoder
Decode and inspect JSON Web Tokens instantly. View header, payload, claims, and expiration. 100% client-side — your tokens never leave your browser.
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "1234567890",
"name": "John Doe",
"email": "john@example.com",
"role": "admin",
"iat": 1716239022,
"exp": 1900000000
}Claims
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Note: This tool decodes but does not verify the signature. Verification requires the secret key or public key.
Free Online JWT Decoder
JSON Web Tokens (JWTs) are the standard for authentication in modern web applications. Our free decoder lets you inspect any JWT instantly — see the algorithm, claims, expiration status, and payload data without installing any tools.
What Is a JWT?
A JWT consists of three parts separated by dots: a Header (algorithm and type), a Payload (claims and data), and a Signature (verification). JWTs are used for authentication, authorization, and securely transmitting information between parties. They're commonly used in OAuth 2.0, OpenID Connect, and API authentication.
Common JWT Claims
- • iss (Issuer): Who created the token
- • sub (Subject): Who the token is about (usually user ID)
- • aud (Audience): Who should accept the token
- • exp (Expiration): When the token expires
- • iat (Issued At): When the token was created
- • jti (JWT ID): Unique token identifier
Is This Decoder Safe?
Yes. This decoder runs entirely in your browser using JavaScript. Your JWT is never sent to any server. JWTs are Base64-encoded (not encrypted), so anyone who has the token can read the payload — decoding doesn't require a secret key. However, verifying the signature does require the signing key.