Decode and inspect JSON Web Tokens. View header, payload, claims, and expiration.
A JWT is a compact, self-contained token format defined in RFC 7519. It's widely used in OAuth 2.0, OpenID Connect, and API authentication. A JWT contains three Base64URL-encoded parts separated by dots: the header (algorithm), the payload (claims), and the signature.
iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before), iat (issued at), and jti (JWT ID) are the registered claims. Applications can define custom claims for any additional data.
Yes. All decoding happens in your browser using JavaScript. Nothing is sent to any server. However, be cautious with production tokens containing sensitive data — this tool is intended for development and debugging.
This tool is for decoding/inspecting only. Creating properly signed JWTs requires a secret key or private key, which should be handled server-side. For testing, you can use jwt.io or create tokens programmatically.
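The decode-and-inspect step described above, as an added JavaScript example (not this tool's own code): it splits the token into its three Base64URL parts, parses the header and payload, and checks `exp` and `nbf` against the clock. The function names, the warning strings and the sample token are assumptions made for illustration, and the signature is not verified.

```javascript
// Added example: decode-only JWT inspection. The signature is NOT verified,
// so the returned claims must never be used for an authorization decision.
const decodeB64 = typeof atob === 'function' ? atob : (s) => Buffer.from(s, 'base64').toString('binary');
const encodeB64 = typeof btoa === 'function' ? btoa : (s) => Buffer.from(s, 'binary').toString('base64');

// Base64URL -> UTF-8 text: '-' and '_' replace '+' and '/', padding is omitted.
function b64urlDecode(part) {
  if (!/^[A-Za-z0-9_-]+$/.test(part) || part.length % 4 === 1) {
    throw new Error('malformed Base64URL segment');
  }
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (part.length % 4)) % 4);
  const bytes = Uint8Array.from(decodeB64(b64), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Returns header, payload and a list of warnings; nowSeconds is injectable for testing.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  const header = JSON.parse(b64urlDecode(parts[0]));
  const payload = JSON.parse(b64urlDecode(parts[1]));
  const warnings = [];
  if (typeof payload.exp !== 'number') warnings.push('no exp claim');
  else if (nowSeconds >= payload.exp) warnings.push('expired');
  if (typeof payload.nbf === 'number' && nowSeconds < payload.nbf) warnings.push('not yet valid');
  if (parts[2] === '' || String(header.alg).toLowerCase() === 'none') warnings.push('unsigned');
  const expiresAt = typeof payload.exp === 'number' ? new Date(payload.exp * 1000).toISOString() : null;
  return { header, payload, expiresAt, warnings };
}

// Constructed sample token: made-up claims and a placeholder signature (not a real HMAC).
const b64urlEncode = (obj) =>
  encodeB64(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  b64urlEncode({ alg: 'HS256', typ: 'JWT' }),
  b64urlEncode({ iss: 'https://issuer.example', sub: 'user-123', iat: 1700000000, exp: 1700003600 }),
  'c2lnbmF0dXJl',
].join('.');

console.log(inspectJwt(SAMPLE_TOKEN, 1700000100)); // inspected 100 s after issuance
```

Because anyone can read the payload this way, claims should be treated as readable by whoever holds the token, and trusted only after the server has verified the signature.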