Back to all tools

JWT Decoder

Decode and inspect JSON Web Tokens without signature verification

Developer Tools

About JWT Decoder

This tool decodes JSON Web Tokens (JWT) and displays their contents. It does not verify the signature, so it should only be used for debugging and inspection purposes.

JWT Structure:

A JWT consists of three Base64Url encoded parts separated by dots:

  • Header - Contains metadata about the token (algorithm, type)
  • Payload - Contains the claims (user data, permissions, expiration)
  • Signature - Used to verify the token has not been tampered with
Common Claims:
  • iss - Issuer
  • sub - Subject (user ID)
  • aud - Audience
  • exp - Expiration time (Unix timestamp)
  • iat - Issued at (Unix timestamp)
  • nbf - Not before (Unix timestamp)
Security Note:

This tool only decodes the token and does not verify its signature. Never trust the contents of a JWT without proper verification on your backend server.