JWT Decoder

Decode JWT tokens client-side

JWT Token

Paste a JWT token above to decode it

Your token is decoded locally and never sent to any server

About JWT Token Decoder

1What is it?

Decode JSON Web Tokens (JWT) to inspect their header, payload, and signature parts. This tool makes it easy to debug authentication issues by showing token expiration status, issued time, and all standard claims in a readable format. Perfect for developers working with OAuth, API authentication, or any JWT-based systems.

2Use Cases

  • Debug authentication issues in web applications
  • Verify token expiration and validity
  • Inspect claims and permissions in tokens
  • Understand JWT structure for learning
  • Troubleshoot API authorization failures
  • Verify issuer and audience claims
  • Check token signature algorithm

3Examples

Decode JWT structure

Input

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.signature

Output

Header: {alg: 'HS256'}
Payload: {name: 'John Doe'}

?Frequently Asked Questions

Is it safe to paste my JWT here?

Yes, completely safe. All decoding happens in your browser using JavaScript. Your token is never sent to any server. You can verify this by checking the Network tab in browser DevTools - no requests are made when decoding.

Can this tool verify JWT signatures?

No, and that's intentional. Signature verification requires the secret key or public key, which should never be shared or pasted into a web tool. This tool only decodes and displays the token contents.

What do the standard JWT claims mean?

Common claims: 'sub' (subject/user ID), 'iat' (issued at timestamp), 'exp' (expiration timestamp), 'iss' (issuer), 'aud' (audience), 'nbf' (not valid before). Custom claims vary by implementation.

Why does my token show as expired?

The 'exp' (expiration) claim is compared against your current local time. If your clock is incorrect or the token has genuinely expired, it will show as expired. Tokens typically expire after minutes to hours for security.

What's the difference between JWT and OAuth?

OAuth is an authorization framework/protocol. JWT is a token format. OAuth often uses JWTs as access tokens or ID tokens, but they're different concepts. A JWT encodes data in a verifiable format; OAuth defines how to obtain and use tokens.