JWT Decoder & Verifier
Decode, analyze, and verify JSON Web Tokens with comprehensive security insights
Security Warning
Never paste production JWT tokens or secrets in online tools. This tool runs locally in your browser, but always be cautious with sensitive authentication data. Use only for development and testing purposes.
Sample JWT Tokens
Click to load example tokens for testing
JWT Token Input
Paste your JWT token to decode and analyze
About JSON Web Tokens (JWT)
Structure: JWTs consist of three Base64-encoded parts separated by dots: Header.Payload.Signature
Header: Contains the token type (JWT) and signing algorithm (e.g., HMAC SHA256, RSA)
Payload: Contains the claims - statements about an entity and additional data
Signature: Used to verify the token hasn't been tampered with and, if signed with a private key, can verify the sender
Common Claims: iss (issuer), sub (subject), aud (audience), exp (expiration), iat (issued at), nbf (not before)
Security Note: JWTs are signed, not encrypted. Don't include sensitive information in the payload unless encrypted separately.