JWT Decoder
Inspect your JSON Web Tokens (JWTs) securely.
Header
Header data...
Payload
Payload data (Claims)...
⚠️ Signature verification is not supported in this client-side viewer.
Security & Privacy
This JWT Decoder runs 100% in your browser using JavaScript. We do not send your tokens to any server. You can safely paste tokens here to debug your authentication flows without risking data leaks.
Understanding JWT Structure
A JSON Web Token consists of three parts separated by dots (.):
- Header: Contains the algorithm used for signing (e.g., HS256) and the token type.
- Payload: Contains the claims (data) such as user ID (
sub), expiration (exp), and roles. - Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Common Claims
Standard claims you usually see in the payload include:iss (Issuer), sub (Subject), aud (Audience), exp (Expiration Time), and iat (Issued At).