JWT Decoder

Decode, inspect, and verify JSON Web Tokens (JWT) instantly.

About JWT Decoder

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Understanding JWT Structure:

  • Header: Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 (HS256) or RSA SHA256 (RS256).
  • Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
  • Signature: To create the signature part you must take the encoded header, the encoded payload, a secret (or public/private key), the algorithm specified in the header, and sign that.

Standard Registered Claims:

Claim | Full Name | Description
iss | Issuer | Identifies the principal that issued the JWT.
sub | Subject | Identifies the principal that is the subject of the JWT (e.g. user ID).
aud | Audience | Identifies the recipients that the JWT is intended for.
exp | Expiration Time | The time on or after which the JWT must not be accepted.
nbf | Not Before | The time before which the JWT must not be accepted.
iat | Issued At | The time at which the JWT was issued.
jti | JWT ID | A unique identifier for the token (can be used to prevent replay attacks).

Frequently Asked Questions