JWT Token Decoder

Decode, verify, and debug JSON Web Tokens with our powerful online tool

JWT Token

Enter your JWT Token:

Verification Options

Algorithm:

Secret/Public Key (for verification):

Decoded Token

Header

Algorithm: --

Token header will appear here

Payload

Type: --

Token payload will appear here

Signature

Verification: --

Signature verification results will appear here

Enter a JWT token to check its validity and contents.

Token Details

Detailed information about your token will appear here.

📚 JWT Token Information

🔒

What is a JWT?

JSON Web Tokens are an open standard (RFC 7519) that defines a compact way for securely transmitting information between parties as a JSON object.

🧩

Token Structure

JWTs consist of three parts: Header (algorithm & token type), Payload (claims), and Signature. These are base64url encoded and separated by dots.

🔑

Common Algorithms

HS256/384/512 (HMAC), RS256/384/512 (RSA), ES256/384/512 (ECDSA), PS256/384/512 (RSASSA-PSS), or "none" for unsecured tokens.

⏱️

Expiration

JWTs often include "exp" (expiration time) and "iat" (issued at) claims to manage token validity periods securely.

🛡️

Security Considerations

Always validate tokens, check algorithms, verify signatures, and never accept tokens with the "none" algorithm in production.

🔍

Common Uses

Authentication, authorization, information exchange, and secure API communication between services.

📊 Common JWT Claims

Claim	Description	Example
iss (Issuer)	Identifies the principal that issued the JWT	"iss": "auth.example.com"
sub (Subject)	Identifies the principal that is the subject of the JWT	"sub": "user12345"
aud (Audience)	Identifies the recipients that the JWT is intended for	"aud": "api.example.com"
exp (Expiration)	Identifies the expiration time after which the JWT must not be accepted	"exp": 1735689600
nbf (Not Before)	Identifies the time before which the JWT must not be accepted	"nbf": 1735686000
iat (Issued At)	Identifies the time at which the JWT was issued	"iat": 1735686000
jti (JWT ID)	Provides a unique identifier for the JWT	"jti": "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6"

Dark Mode

Security Note: This tool processes tokens in your browser only - no tokens are sent to our servers. However, for maximum security, we recommend using this tool only with test tokens in development environments.