JWT Decoder

Decode and inspect JSON Web Tokens. View header, payload, and claims.

JWT Token

Token Structure

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE3MzU2ODk2MDAsInJvbGUiOiJhZG1pbiJ9.signature_placeholder

HeaderPayloadSignature

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Algorithm: HS256

Type: JWT

Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "exp": 1735689600,
  "role": "admin"
}

Claims Analysis

sub

Subject - Who this token is about

"1234567890"

name

"John Doe"

iat

Issued At - When this token was issued

1516239022

Thursday, 18 January 2018 at 1:30:22 am UTC

exp

Expiration Time - When this token expires

1735689600

Wednesday, 1 January 2025 at 12:00:00 am UTC

Expired

role

"admin"

Signature

signature_placeholder

Note: Signature verification requires the secret key, which is not done client-side for security reasons.

About JWT

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. It's commonly used for authentication and authorization.

Security Note

JWTs are encoded, not encrypted. Anyone can decode and read the contents. Never store sensitive information in a JWT payload. Always verify signatures server-side.