Free Online JWT Decoder
JSON Web Tokens (JWT) are widely used for authentication and secure data transfer in modern web applications. Our free JWT decoder allows you to inspect the contents of any JWT token instantly, helping you debug authentication issues and understand token structures.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims between two parties. JWTs are commonly used for authentication—when a user logs in, the server returns a JWT that the client sends with subsequent requests to prove their identity.
JWT Structure
A JWT consists of three parts separated by dots:
- Header: Contains the token type (JWT) and the signing algorithm (e.g., HS256, RS256).
- Payload: Contains the claims—statements about the user and additional metadata.
- Signature: Verifies the token hasn't been tampered with. Created by signing the header and payload with a secret key.
Common JWT Claims
- iss (issuer): Who issued the token.
- sub (subject): The user the token represents.
- exp (expiration): When the token expires (Unix timestamp).
- iat (issued at): When the token was issued.
- aud (audience): Who the token is intended for.
Important Security Note
This tool only decodes JWTs—it does not verify signatures. Anyone can decode a JWT since the header and payload are simply Base64-encoded. The security comes from the signature verification, which requires the secret key.
All decoding happens locally in your browser. Your JWT tokens are never sent to any server, ensuring your authentication data remains private.