JWT Structure
- Header: Algorithm (alg), Token Type (typ)
- Payload: Claims - sub, iss, exp, iat, etc.
- Signature: Generated from Header + Payload + Secret
🔑 What is JWT Decoder?
JWT (JSON Web Token) is a token format used for authentication and information exchange in web applications. It consists of three parts: Header (algorithm info), Payload (claims data), and Signature (verification), each separated by dots (.) and encoded in Base64url format. This tool decodes JWTs to inspect token contents and verify expiration times.
📋 Standard JWT Claims
Frequently Asked Questions
Is JWT decoding safe?▼
JWT Header and Payload use Base64url encoding (not encryption), so anyone can decode them. Only the Signature prevents tampering. Never put sensitive data in the Payload.
How do I check if a token is expired?▼
Compare the exp (expiration) claim in the Payload with the current time. This tool automatically displays the expiration status.
Can this tool verify JWT signatures?▼
Signature verification requires a secret key (HMAC) or public key (RSA/ECDSA). This tool only performs decoding for security reasons. Signature verification should be done server-side.
What is JWT Decoder?
Decode JSON Web Tokens (JWT) to view their header, payload, and signature parts. Check token expiration, claims, and structure. No private key required - decodes the Base64 parts only.