JWT Decoder
Decode and inspect JSON Web Tokens — view header, payload, claims and expiry status instantly. No data is sent to any server.
What is a JWT?
Structure
A JWT consists of three Base64URL-encoded parts: Header (algorithm), Payload (claims), and Signature (integrity), joined by dots.
Common Claims
sub (subject), iss (issuer), exp (expiry), iat (issued at), aud (audience), jti (token ID).
Security Note
JWTs are encoded, not encrypted. Never store sensitive data in the payload. Always verify the signature server-side.
Algorithms
Common: HS256 (HMAC-SHA256), RS256 (RSA-SHA256), ES256 (ECDSA). HS256 uses a shared secret; RS256/ES256 use public/private key pairs.