JWT Decoder & Validator

Paste any JWT token to decode its header, payload, and signature. This tool validates token format and highlights common claims like expiration, issuer, and subject.

Token Input
Validation Summary
Valid JWT format
Active

Issuer (iss):

Subject (sub): 1234567890

Audience (aud):

Token ID (jti):

Expiration Details

exp: 4102444800

Expires at: 1/1/2100, 5:00:00 AM (2100-01-01T00:00:00.000Z)

Seconds until expiry: 2330323866

Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "1234567890",
  "name": "Agile Developer",
  "iat": 1516239022,
  "exp": 4102444800,
  "role": "admin"
}
Signature
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

About JWT Decoder

This JWT Decoder allows developers to inspect the contents of a JSON Web Token (JWT) without sending it to a server. JWTs are widely used for authentication and information exchange securely between parties.

🛡️ Security Note

All decoding is performed client-side in your browser using JavaScript. We do not record, store, or transmit your tokens. You can inspect the network tab to verify this.

Structure of a JWT

A JSON Web Token consists of three parts separated by dots (.):

  • Header: Contains metadata about the token type and cryptographic algorithm (e.g., HS256, RS256).
  • Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data. Standard claims include exp (expiration time), iat (issued at), and sub (subject).
  • Signature: Used to verify the message wasn't changed along the way. In the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.

Common Use Cases

  • Debugging authentication issues (e.g., checking if a token has expired).
  • Verifying the content of a token (e.g., checking user roles or permissions).
  • Testing JWT implementation in your applications.