JWT Decoder

Decode and inspect JSON Web Tokens instantly. View header, payload, claims, and check expiration. 100% client-side — your token stays private.

Paste JWT Token

✗ Token has EXPIRED

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "exp": 1734000000
}

Claims

Claim	Value	Description
sub	"1234567890"	Subject
name	"John Doe"	Name
iat	1516239022 (1/18/2018, 1:30:22 AM)	Issued At
exp	1734000000 (12/12/2024, 10:40:00 AM)	Expiration Time

Signature

SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

⚠️ Signature cannot be verified without the secret key.

Frequently Asked Questions

Is my JWT token safe here?▼

Absolutely. Decoding happens 100% in your browser. Your token is never sent to any server. You can verify by disconnecting from the internet and trying again.

What is a JWT?▼

JSON Web Token (JWT) is a compact, URL-safe way to represent claims between parties. It has 3 parts: header (algorithm), payload (claims/data), and signature (verification).

Can this verify the signature?▼

This tool decodes the token but cannot verify the signature without the secret key. For signature verification, you need the signing key on your backend.

What do exp, iat, iss mean?▼

exp = expiration time, iat = issued at, iss = issuer, sub = subject, aud = audience. These are registered JWT claims defined in RFC 7519.

Share:𝕏 Twitter WhatsApp LinkedIn

JWT Decoder

Header

Payload

Claims

Signature

💡 Related Tools

Frequently Asked Questions

JWT Decoder

Header

Payload

Claims

Signature

💡 Related Tools

Frequently Asked Questions