JWT Token: JWT tokens have three parts separated by dots: header.payload.signature

Signature Validation (Optional)

Validate signature

Decoding...

Decoded JWT

Header

Payload

Signature

Token Information

About JWT Token Decoder

Decode and validate JSON Web Tokens (JWT) online. View headers, payloads, and verify signatures for API development. JWT is a compact, URL-safe means of representing claims to be transferred between two parties.

JWT Structure

Header: Contains algorithm and token type information
Payload: Contains claims (user data, expiration, etc.)
Signature: Verifies the token hasn't been tampered with
Format: header.payload.signature (Base64URL encoded)
Common Claims: iss (issuer), exp (expiration), sub (subject), aud (audience)

Frequently Asked Questions

What is a JWT token?

JWT (JSON Web Token) is a compact, URL-safe means of representing claims between two parties. It's commonly used for authentication and information exchange in web applications.

Is signature validation secure here?

This tool validates signatures client-side for development purposes. For production applications, always validate JWT signatures on your secure server.

Can I decode expired tokens?

Yes, you can decode expired tokens to view their contents. The tool will show expiration status in the token information section.

What signature algorithms are supported?

The tool can decode tokens with any algorithm but can only validate HMAC signatures (HS256, HS384, HS512) as they use symmetric keys. RSA/ECDSA require private keys.