JWT Decoder
Paste any JSON Web Token (JWT) below to instantly decode and inspect its header, payload, and signature. The expiry time (exp), issued-at (iat), and all claims are displayed in a readable format. Your token never leaves your browser.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three Base64URL-encoded parts separated by dots:
- Header — specifies the token type (JWT) and signing algorithm (e.g. HS256, RS256)
- Payload — contains the claims: user data, roles, expiry (exp), issued-at (iat), subject (sub), etc.
- Signature — used to verify the token hasn't been tampered with (requires the secret key)
Common JWT Claims
sub — Subject
The principal that is the subject of the JWT — usually a user ID or account identifier.
exp — Expiration
Unix timestamp after which the token must not be accepted. This tool shows the human-readable expiry date.
iat — Issued At
Unix timestamp of when the token was issued. Useful for calculating token age.
iss — Issuer
Identifies the principal that issued the JWT — typically your auth server or identity provider.
aud — Audience
Identifies the recipients the JWT is intended for — usually your API or application identifier.
nbf — Not Before
Unix timestamp before which the token must not be accepted for processing.
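The three-part structure and the time claims above, worked through as an added example (not this tool's own code): it splits a token, Base64URL-decodes the header and payload, and classifies the token against exp and nbf at a given time. The function names, the sample claims and the auth.example / api.example identifiers are assumptions made for illustration. Decoding does not check the signature, so the result is marked as unverified.

```javascript
// Added example: decode (not verify) a JWT and interpret its time claims.
function b64urlDecode(part) {
  // Base64URL -> Base64: swap the URL-safe characters and restore '=' padding.
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

function b64urlEncode(text) {
  // Only used to build the constructed sample token below.
  const bin = String.fromCharCode(...new TextEncoder().encode(text));
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = JSON.parse(b64urlDecode(parts[0]));
  const payload = JSON.parse(b64urlDecode(parts[1]));

  // exp: reject at or after this time; nbf: reject before this time.
  let state = "active";
  if (typeof payload.nbf === "number" && nowSeconds < payload.nbf) state = "not yet valid";
  if (typeof payload.exp === "number" && nowSeconds >= payload.exp) state = "expired";

  return {
    header,
    payload,
    alg: header.alg,
    state,
    ageSeconds: typeof payload.iat === "number" ? nowSeconds - payload.iat : null,
    expiresAt: typeof payload.exp === "number" ? new Date(payload.exp * 1000).toISOString() : null,
    signatureVerified: false, // decoding never checks the signature
  };
}

// Constructed sample token; the signature segment is a placeholder, not a real MAC.
const sampleToken = [
  b64urlEncode(JSON.stringify({ alg: "HS256", typ: "JWT" })),
  b64urlEncode(JSON.stringify({ sub: "user-123", iss: "https://auth.example", aud: "api.example", iat: 1700000000, nbf: 1700000000, exp: 1700003600 })),
  "c2lnbmF0dXJl",
].join(".");

console.log(inspectJwt(sampleToken, 1700001800));
```

Anything read this way is only a claim by whoever produced the token; treat sub, roles and aud as trustworthy only after the signature has been verified with the issuer's key.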
Common Use Cases for JWT Decoding
- Inspecting the claims inside an access token or ID token during development
- Checking token expiry to debug authentication issues
- Verifying the algorithm used in the header (alg field)
- Reading user roles and permissions encoded in the payload
- Debugging OAuth 2.0 and OpenID Connect flows
JWT payloads use Base64URL encoding — use our Base64 tool for manual conversions.