JWT Decoder
Decode and inspect JSON Web Tokens - view header, payload, and expiry details instantly
🔑 Paste JWT Token
🔒 Privacy note: This tool decodes tokens entirely in your browser. Your JWT is never sent to any server.
🔐 About JWT (JSON Web Tokens)
- • JWTs consist of three Base64URL-encoded parts: header.payload.signature
- • Never store sensitive data in JWT payloads - the payload is only encoded, not encrypted
- • Always validate the signature and expiry on the server side
- • Common algorithms: HS256 (HMAC), RS256 (RSA), ES256 (ECDSA)
- • JWT spec defined in RFC 7519