JWT Decoder

Inspect the contents of any JSON Web Token (JWT) by decoding its header and payload instantly. JWTs are used for authentication and authorization in modern web applications — they carry claims like user ID, roles, email, and token expiry encoded in a Base64 URL format. When debugging authentication issues, reviewing token contents during development, or understanding what claims a system is passing, this decoder reveals the token data immediately.

How To Use JWT Decoder

  1. Paste the JWT token string into the input field — it consists of three dot-separated Base64 URL-encoded segments.
  2. The tool splits the token at the dots and decodes the first two segments (header and payload).
  3. The decoded header JSON is displayed, showing the token type and signing algorithm.
  4. The decoded payload JSON is displayed, revealing all claims including user ID, roles, and expiry timestamp.
  5. Review the claims to verify the token content — note that this tool does not verify the signature.

Frequently Asked Questions

Does this verify JWT signatures?

No. This tool decodes the header and payload for inspection purposes only; it does not verify the cryptographic signature. A JWT signature can only be verified with the secret key that signed the token (for HMAC algorithms) or the public key matching the private key that signed it (for RSA/ECDSA algorithms). Signature verification must be done in your application using a proper JWT library. Never trust a JWT solely because it can be decoded.

What is a JWT and what does it contain?

A JSON Web Token (JWT) is a compact, URL-safe token format used to transmit claims between parties. It consists of three Base64 URL-encoded parts separated by dots: the header (containing token type and signing algorithm), the payload (containing the actual claims — user data, permissions, expiry), and the signature (used to verify the token has not been tampered with). The payload is readable by anyone who has the token.

Is it safe to paste a production JWT token into this tool?

Use caution when handling production tokens. While this tool runs client-side and does not send your token to a server, JWTs may contain sensitive user information like email addresses, user IDs, and access permissions. For debugging production issues, consider using test tokens or redacting sensitive claims before sharing. Never paste tokens containing private keys, passwords, or payment information.

What are JWT claims?

JWT claims are the statements encoded in the token payload. Standard registered claims include: iss (issuer), sub (subject), aud (audience), exp (expiration time as Unix timestamp), nbf (not before), iat (issued at time), and jti (JWT ID). Applications add custom claims for application-specific data like user roles, permissions, and profile information. The exp claim is particularly important — check it first when debugging authentication failures.

Why is my JWT payload showing an expiry time as a large number?

JWT expiry times (exp claim) and issue times (iat claim) are expressed as Unix timestamps — the number of seconds that have elapsed since January 1, 1970 UTC. For example, 1704067200 represents January 1, 2024. To convert a Unix timestamp to a readable date, use the Unix Timestamp Converter tool on this site. Comparing the exp value to the current Unix timestamp tells you whether a token has expired.
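The difference between decoding and verifying, and the exp comparison described above, shown as an added example for Node.js (not this tool's own code). The secret, claims, and helper names (decodeJwt, verifyHs256, signHs256) are assumptions constructed for the demo, and a maintained JWT library should do this work in a real application.

```javascript
// Added example: decode vs. verify for an HS256 JWT, using only Node's built-in crypto.
const { createHmac, timingSafeEqual } = require('crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// What a decoder does: split at the dots and Base64URL-decode header and payload.
// No key is involved, so a successful decode says nothing about who issued the token.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected three dot-separated segments');
  const [header, payload] = parts.slice(0, 2)
    .map((seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8')));
  return { header, payload };
}

// What the application must do: pin the algorithm, recompute the HMAC over
// "header.payload" with the shared secret, compare in constant time, then check exp.
function verifyHs256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { header, payload } = decodeJwt(token);
  if (header.alg !== 'HS256') return { valid: false, reason: 'unexpected alg' };
  const [h, p, sig] = token.split('.');
  const expected = createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { valid: false, reason: 'bad signature' };
  }
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) {
    return { valid: false, reason: 'expired or missing exp' };
  }
  return { valid: true, payload };
}

// Constructed sample data: the secret, claims and timestamps are made up for this demo.
const SECRET = 'demo-secret-not-for-production';
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}
const genuine = signHs256({ sub: 'user-123', role: 'user', exp: 1704067200 }, SECRET);
// Same header and signature as the genuine token, but the payload was edited without the key.
const [gh, , gs] = genuine.split('.');
const tampered = `${gh}.${b64url(JSON.stringify({ sub: 'user-123', role: 'admin', exp: 1704067200 }))}.${gs}`;

console.log(decodeJwt(tampered).payload.role);           // decodes without complaint
console.log(verifyHs256(tampered, SECRET, 1704000000));  // rejected: signature mismatch
console.log(verifyHs256(genuine, SECRET, 1704000000));   // accepted before exp
console.log(verifyHs256(genuine, SECRET, 1704067200));   // rejected at exp
```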
