JWT Decoder
Decode, inspect, and verify JSON Web Tokens (JWT) instantly.
About JWT Decoder
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
Understanding JWT Structure:
- Header: Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 (HS256) or RSA SHA256 (RS256).
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
- Signature: Created by taking the encoded header, the encoded payload, and a secret (or, for asymmetric algorithms such as RS256, the private key of a key pair), and signing them with the algorithm specified in the header.
Standard Registered Claims:
| Claim | Full Name | Description |
|---|---|---|
| iss | Issuer | Identifies the principal that issued the JWT. |
| sub | Subject | Identifies the principal that is the subject of the JWT (e.g. user ID). |
| aud | Audience | Identifies the recipients that the JWT is intended for. |
| exp | Expiration Time | The time on or after which the JWT must not be accepted. |
| nbf | Not Before | The time before which the JWT must not be accepted. |
| iat | Issued At | The time at which the JWT was issued. |
| jti | JWT ID | A unique identifier for the token (can be used to prevent replay attacks). |