JWT Token Decoder
Decode and analyze JSON Web Tokens (JWT) safely in your browser.
Encoded Token
Decode a token to view details
JWT Scenarios & Examples
Standard Access Token
A typical authenticating token with subject, issuer, and expiration.
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"exp": 1516242622,
"iss": "https://auth.example.com"
}About this tool
A JSON Web Token (JWT) is a compact, URL-safe token made of three Base64URL-encoded parts separated by dots — a header, a payload of claims, and a signature. They are the backbone of stateless authentication and authorization: an API issues a signed token at login and the client sends it on every request, so the server can trust the claims without a database lookup. Because the header and payload are only encoded (not encrypted), anyone holding a token can read what's inside — which is exactly why inspecting them safely matters.
This decoder splits a token into its header and payload, pretty-prints the JSON claims, and surfaces the standard registered claims (iss, sub, aud, exp, iat, nbf) in a readable form — including whether the token is expired and how long until it expires. All decoding happens locally in your browser using the Web platform's own Base64URL handling; your token is never transmitted, logged, or stored, so it's safe to paste production tokens.
How to use
Paste the token
Paste a JWT (the long xxxxx.yyyyy.zzzzz string) into the input, or load a sample token.
Read the header and payload
The tool decodes both segments and pretty-prints the JSON so you can inspect the algorithm, token type, and every claim.
Check expiration and timing
Registered time claims (exp, iat, nbf) are converted to human-readable dates, and the tool flags whether the token is currently valid or expired.
Copy what you need
Copy the decoded header or payload JSON to reuse in tests, bug reports, or documentation.
Standard JWT claims
| Claim | Meaning |
|---|---|
| iss | Issuer — who created and signed the token |
| sub | Subject — the user or entity the token is about |
| aud | Audience — the intended recipient(s) of the token |
| exp | Expiration time — after this the token must be rejected |
| iat | Issued-at time — when the token was created |
| nbf | Not-before time — the token is invalid until this moment |
Decoding does not verify the signature — never trust an unverified token's claims on the server.
Frequently asked questions
Related tools
JSON Formatter
Advanced JSON formatter with validation, analysis, search, multiple format modes, file upload, and comprehensive statistics.
Hash Generator
Generate multiple cryptographic hashes with comprehensive analysis, security information, file upload, and multiple output formats
UUID Generator
Generate different versions of UUIDs (v1, v4)
Password Generator
Generate secure passwords with customizable options including length, character sets, and complexity requirements
Cron Expression Builder
Build and validate cron expressions with visual interface and presets