JWT Decoder

Decode and inspect JSON Web Tokens. View the header, payload, signature, algorithm, and expiration. All processing happens locally in your browser — tokens never leave your device.

JWT

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsIm5hbWUiOiJKYW5lIERvZSIsImlhdCI6MTcxNTAwMDAwMCwiZXhwIjoxNzQ2NTM2MDAwLCJyb2xlcyI6WyJhZG1pbiJdfQ.qpnHh0V2nB3a3vK5V6Kmdf_wS8B7g4m4kYvN3mYX0Qk

Algorithm

HS256

Type

JWT

Status

Expired

352d ago

Issued at

2024-05-06 12:53:20 UTC

1715000000

Expires at

2025-05-06 12:53:20 UTC

1746536000

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "user_123",
  "name": "Jane Doe",
  "iat": 1715000000,
  "exp": 1746536000,
  "roles": [
    "admin"
  ]
}

Signature

qpnHh0V2nB3a3vK5V6Kmdf_wS8B7g4m4kYvN3mYX0Qk

The signature is a cryptographic hash — it cannot be verified without the secret or public key used to sign the token. This tool only decodes the contents.

About JSON Web Tokens

A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three base64url-encoded segments joined by dots: a header describing the algorithm, a payload with the claims, and a signature used to verify authenticity.

Because the payload is only encoded — not encrypted — anyone with the token can read its contents. Never include sensitive data in the payload and always verify the signature on the server with the correct secret or public key.