About JWT Decoder
The JWT Decoder is a free online tool that lets you decode and inspect JSON Web Tokens (JWTs) directly in your browser. JWTs are widely used in modern web authentication and authorization systems. This tool splits a JWT into its three components, the header, payload, and signature, decodes the base64url-encoded header and payload, and displays them as formatted JSON. The three parts are also color-coded in the original token for easy visual identification.
How to Use
Paste your JWT token into the text area. The tool automatically detects the three dot-separated parts and decodes them in real time. You can also click "Load sample JWT" to see the tool in action with a pre-filled token. The decoded header and payload are displayed as pretty-printed JSON with copy buttons. If the token contains standard timestamp claims (iat, exp, nbf), they are displayed in human-readable format with an indicator showing whether the token has expired.
What Is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format defined by RFC 7519. It consists of three base64url-encoded parts separated by dots: a header (specifying the algorithm and token type), a payload (containing claims such as user identity and permissions), and a signature (used to verify the token has not been tampered with). JWTs are commonly used for API authentication, single sign-on (SSO), and information exchange between services.
Security Note
This tool decodes JWTs for inspection purposes only. It does not verify the cryptographic signature because doing so requires the signing key, which should never be exposed in a browser. All decoding happens client-side in your browser. No tokens are sent to any server, making it safe to inspect tokens containing sensitive claims. Never share your JWTs publicly, as they may contain personal information or grant access to protected resources.