JWT Decoder

Decode JSON Web Tokens to view the header, payload, and signature. Displays expiration status and standard claims. No secret required for decoding.

JWT Token

Related Tools

UUID Generator
Generate v1, v4, and v5 UUIDs in bulk
Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-512 hashes
Regex Tester
Test and debug regular expressions in real-time
Timestamp Converter
Convert Unix timestamps to human-readable dates

Frequently Asked Questions

What is a JWT?

A JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and authorization. It consists of three Base64url-encoded parts: a header (algorithm), payload (claims), and signature.

Do I need the secret to decode a JWT?

No. The header and payload are Base64url-encoded and can be decoded by anyone. Only the signature verification requires the secret. Decoding ≠ verification.

Is it safe to paste my JWT here?

This tool decodes entirely in your browser — nothing is sent to a server. However, be cautious with JWTs in production systems as they may grant access to services.

What are common JWT claims?

Standard claims include: iss (issuer), sub (subject), aud (audience), exp (expiration time), iat (issued at), jti (JWT ID), and nbf (not before).

What is the difference between HS256 and RS256?

HS256 uses a shared secret for signing (symmetric). RS256 uses a public/private key pair (asymmetric). RS256 is more secure for distributed systems.

About JWT Decoder

Decode JSON Web Tokens to view the header, payload, and signature. Displays expiration status and standard claims. No secret required for decoding.

jwtjson web tokendecodeauthbearer