Back to Tools

JWT Decoder - Decode & Inspect JSON Web Tokens

Decode and inspect headers, payloads, and signatures of JSON Web Tokens locally.

Encoded Token (Paste here)

🔍 Token Anatomy

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFiYzEyMyJ9.eyJzdWIiOiJ1c2VyXzEyMzQ1NiIsIm5hbWUiOiJKYW5lIERvZSIsImVtYWlsIjoiamFuZUBleGFtcGxlLmNvbSIsInJvbGVzIjpbImFkbWluIiwidXNlciJdLCJpc3MiOiJodHRwczovL2F1dGguZXhhbXBsZS5jb20iLCJhdWQiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsImlhdCI6MTcxOTMwMDAwMCwibmJmIjoxNzE5MzAwMDAwLCJleHAiOjk5OTk5OTk5OTl9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header
Payload
Signature
Header: Algorithm & Token Type
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "abc123"
}
Payload: Claims / Data
{
  "sub": "user_123456",
  "name": "Jane Doe",
  "email": "jane@example.com",
  "roles": [
    "admin",
    "user"
  ],
  "iss": "https://auth.example.com",
  "aud": "https://api.example.com",
  "iat": 1719300000,
  "nbf": 1719300000,
  "exp": 9999999999
}
Signature Verified (locally decoded)
Signature Algorithm: RSA with SHA-256 —asymmetric, public/private key

💡 Token Claims Breakdown

sub
user_123456
Subject —whom the token refers to
name
Jane Doe
Full name of the subject
email
jane@example.com
Email address of the subject
roles
["admin","user"]
User roles / permissions
iss
https://auth.example.com
Issuer —who issued the token
aud
https://api.example.com
Audience —who the token is intended for
iat
1719300000 (Tue, 25 Jun 2024 07:20:00 GMT · 743d ago)
Issued At —when the token was issued
nbf
1719300000 (Tue, 25 Jun 2024 07:20:00 GMT · 743d ago)
Not Before —token is not valid before this time
exp
9999999999 (Sat, 20 Nov 2286 17:46:39 GMT · 95097d from now)
Expiration Time —when the token expires (Unix timestamp)

About JWT Decoder

Looking for a free JWT decoder online? This tool decodes and inspects JSON Web Tokens instantly — displaying the header, payload, and signature with syntax highlighting, expiry time checks, and human-readable claim explanations. Your token never leaves your browser. No login, no server calls, 100% private.

JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and information exchange. This decoder lets you inspect any JWT token without needing a backend — decode the header and payload, verify expiry, and understand every claim.

All decoding happens locally in your browser using the Web Crypto API. Your token is never transmitted to any server, making this safe to use with real tokens during development and debugging.

How to Decode a JWT Online

  1. Paste your JWT token (starts with eyJ…) into the input field
  2. The tool instantly decodes the header and payload
  3. Check the expiry status and time remaining
  4. Read claim explanations for all standard IANA JWT claims
  5. Copy the JSON header or payload with one click

JWT Structure

  • Header (red): Contains token type (JWT) and signing algorithm (HS256, RS256, ES256, etc.)
  • Payload (blue): Contains claims — registered (iss, sub, exp, iat) and custom claims
  • Signature (green): Verifies the token hasn't been tampered with (requires secret/public key)

Standard JWT Claims Decoded

  • iss — Issuer: who created the token
  • sub — Subject: who the token represents (usually user ID)
  • aud — Audience: intended recipient of the token
  • exp — Expiration: Unix timestamp when the token expires
  • iat — Issued At: Unix timestamp when the token was created
  • nbf — Not Before: token is not valid before this timestamp
  • jti — JWT ID: unique identifier to prevent replay attacks

Use Cases

  • Debugging authentication flows in web apps
  • Checking if a JWT token is expired
  • Inspecting claims returned by OAuth2/OIDC providers
  • Understanding the structure of tokens from Auth0, Firebase, AWS Cognito
  • Learning JWT internals for security auditing

FAQ Section

🔥

Is it safe to paste a real JWT here?

What is the difference between decoding and verifying a JWT?

Why does my token show as expired?

What is the nbf claim?

What JWT algorithms are supported?

Can I use this for JWTs from Auth0, Firebase, or AWS Cognito?

jwt decoder onlinedecode jwt token freejwt inspectorjson web token decoderjwt parser onlinejwt expiry checkerdecode jwt payloadjwt debugger

🔗 You Might Also Like

Lock
Password Generator
Generate cryptographically secure passwords
Key
UUID Generator
Generate UUID v4 in bulk
RefreshCw
Base64 Converter
Encode/decode Base64 strings
{ }
JSON Formatter
Format and validate JSON data