Free JWT Decoder
Paste a JSON Web Token to decode its header, payload and claims. Expiry time, issuer, subject and all standard claims are displayed in a readable format. Your token never leaves your browser.
About JWT Decoder
A JSON Web Token (JWT) consists of three Base64URL-encoded segments separated by dots: Header.Payload.Signature. The header describes the token type and signing algorithm. The payload contains claims — statements about the subject. The signature verifies the token's integrity.
This tool decodes the header and payload segments client-side. It does not verify the signature (which requires the secret key), but shows the algorithm used so you can perform verification server-side.
Standard JWT Claims
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Who issued the token |
| sub | Subject | Token subject (usually user ID) |
| aud | Audience | Intended recipients |
| exp | Expiration | Unix timestamp when token expires |
| iat | Issued At | When token was issued |
| nbf | Not Before | Token is not valid before this time |
| jti | JWT ID | Unique identifier for the token |
Frequently Asked Questions
Decoding happens entirely in your browser. The token is never sent to any server. However, avoid pasting tokens that grant access to sensitive resources in any tool if there is risk of your screen being observed.
No. Signature verification requires the secret key (for HMAC algorithms) or the public key (for RSA/ECDSA). This tool decodes the header and payload only and cannot validate token authenticity.
All JWT algorithms can be decoded for header and payload display: HS256, HS384, HS512, RS256, RS384, RS512, ES256, PS256, and others. The algorithm name is shown in the header section.