Back to Main

JWT Decoder & Verifier

JWT Decoder & Verifier

Decode, analyze, and verify JSON Web Tokens with comprehensive security insights

Security Warning

Never paste production JWT tokens or secrets in online tools. This tool runs locally in your browser, but always be cautious with sensitive authentication data. Use only for development and testing purposes.

Sample JWT Tokens

Click to load example tokens for testing

JWT Token Input

Paste your JWT token to decode and analyze

About JSON Web Tokens (JWT)

Structure: JWTs consist of three Base64-encoded parts separated by dots: Header.Payload.Signature

Header: Contains the token type (JWT) and signing algorithm (e.g., HMAC SHA256, RSA)

Payload: Contains the claims - statements about an entity and additional data

Signature: Used to verify the token hasn't been tampered with and, if signed with a private key, can verify the sender

Common Claims: iss (issuer), sub (subject), aud (audience), exp (expiration), iat (issued at), nbf (not before)

Security Note: JWTs are signed, not encrypted. Don't include sensitive information in the payload unless encrypted separately.