JWT Decoder

What is a JWT?

JSON Web Tokens are an open, industry standard RFC 7519 method for securely representing claims between two parties. This tool decodes the Base64Url encoded header and payload parts.

Free Online JWT Debugger

Decode and verify JSON Web Tokens (JWT) instantly. View headers, algorithms, and payload claims in a readable JSON format.

Visualize Claims

Instantly parses the Base64Url string to show you the stored user data (sub, iat, exp).

Check Expiry

Converts the `exp` timestamp into a human-readable date so you know if the token is valid.

100% Private

Decoding happens entirely in your browser. Your sensitive auth tokens are never sent to a server.

Understanding JWTs

JSON Web Tokens are the standard for stateless authentication. A JWT consists of three parts separated by dots:

  • Header

    Contains metadata about the type of token and the signing algorithm (e.g., HS256).

  • Payload

    Contains the "claims" about the user (ID, role, expiration) and other data.

  • Signature

    Used to verify that the message wasn't changed along the way.

Technical Details

Structure Breakdown

A JWT looks like `xxxxx.yyyyy.zzzzz`. The first part is the header, the second is the payload, and the third is the signature. Each part is separated by a period (`.`).

Base64Url Encoding

JWTs use **Base64Url** encoding (RFC 7515), which is similar to standard Base64 but uses `-` and `_` instead of `+` and `/`, making it safe for URLs.

Security Warning

This tool only **decodes** the token (makes it readable). It does not **verify** the signature. Anyone can decode a JWT, but only the server with the secret key can verify if it's authentic.

How to use

1

Paste Token

Insert your JWT string (usually starts with 'ey...').

2

Decode

Click "Decode Token" to parse the Base64Url parts.

3

Inspect Claims

View the Header and Payload data in JSON format.