Decode JSON Web Tokens to inspect header and payload
JSON Web Tokens (JWT) are an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. They are commonly used for authentication and authorization in web applications. A JWT consists of three parts: Header, Payload, and Signature, each Base64Url encoded and separated by dots.
Our JWT decoder lets you inspect the header and payload of any JWT token instantly. All decoding happens in your browser - no data is ever sent to our servers, ensuring your tokens remain private.
Yes! The header and payload are only Base64Url encoded, not encrypted. Anyone can decode them. The signature, which requires the secret, verifies the token hasn't been tampered with.
Absolutely. All decoding happens directly in your browser. Your JWT tokens never leave your device and are not stored or transmitted anywhere.
The payload contains claims about the user or session. Common claims include sub (subject), name, iat (issued at), and exp (expiration time).