Decode and inspect JSON Web Tokens (JWT) with header, payload analysis, and expiry checking
A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and authorization in web applications.
A JWT consists of three parts separated by dots: Header (algorithm and token type), Payload (claims and data), and Signature (verification hash). Each part is Base64Url encoded.
Common claims include: iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), and jti (JWT ID). Custom claims can also be added.
This tool only decodes the token — it does not verify the signature. Never paste production tokens with sensitive data into online tools. JWTs are encoded, not encrypted, so anyone can read the payload.