JWT Decoder
Decode JWT tokens and inspect header and payload. Free online JWT decoder tool.
Frequently Asked Questions
What is a JWT?
JWT (JSON Web Token) is an open standard for securely transmitting information between parties as a JSON object. It's commonly used for authentication and authorization in web applications. A JWT consists of three parts separated by dots: header.payload.signature.
What are the three parts of a JWT?
Header (red): Specifies the token type and signing algorithm. Payload (purple): Contains claims โ statements about the user and additional metadata. Signature (blue): Created by signing the header and payload with a secret key, ensuring the token hasn't been tampered with.
What are standard JWT claims?
Standard claims include: iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before), iat (issued at), and jti (unique JWT ID). The tool decodes and displays these with human-readable descriptions.
Is it safe to decode a JWT?
Yes, decoding a JWT is safe โ it's just Base64 decoding. The payload is not encrypted, only encoded. Anyone can read the payload. The signature only ensures integrity (that the token wasn't modified), not confidentiality. Never put sensitive data like passwords in a JWT payload.
Can this tool verify JWT signatures?
No, this tool only decodes the header and payload. Verifying the signature requires the secret key (for HMAC algorithms) or public key (for RSA/ECDSA). If you need signature verification, you should use a library in your programming language.
Is this tool free?
Yes, completely free with no sign-up required. All decoding happens in your browser โ your JWT token never leaves your device.