Web ToolBox

JWT Decoder

Decode and view JWT contents

JWT debugging and verification is done safely in the browser. Data is not sent to the server.

What is JWT Decoder?

JWT Decoder is a tool for decoding a JWT (JSON Web Token) and inspecting its header and payload. It is useful when you want to check token contents during authentication debugging or API development.

The token is parsed in the browser and the header and payload are shown as JSON. If the token format is invalid, the tool displays an error message instead.

How to Use

  1. Paste a JWT into the input field.
  2. Review the decoded header and payload.
  3. If an error appears, check the token format and remove any unwanted characters.

Because the output updates quickly, it is easy to compare multiple tokens while debugging.

What You Can Review

Header

You can inspect token metadata such as the signing algorithm and token type.

Payload

You can inspect claims such as sub, iss, exp, and iat, along with any custom values included in the token.

Basic JWT Structure

A JWT usually has three parts separated by periods (.):

  1. Header
  2. Payload
  3. Signature

This tool displays the header and payload. It does not verify the signature itself.

Use Cases

  • Checking the contents of a JWT returned by an API
  • Debugging login or authentication flows
  • Reviewing claims such as exp or iat
  • Confirming that custom fields are present as expected

Input and Output Example

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

An input like this is decoded into readable JSON such as:

Header:

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true,
  "iat": 1516239022
}
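
The decoding step described on this page, written out as an added JavaScript example (not this tool's own code; decodeJwt and b64urlToJson are hypothetical names). It splits the token into its three parts, base64url-decodes the header and payload, reports format errors such as stray characters, and, like the tool, leaves the signature unchecked.

```javascript
// Decode (not verify) a JWT: split on '.', base64url-decode, parse JSON.
function b64urlToJson(segment, label) {
  // base64url uses '-' and '_' and normally omits '=' padding.
  if (!/^[A-Za-z0-9_-]+$/.test(segment) || segment.length % 4 === 1) {
    throw new Error(`${label}: not valid base64url (stray characters?)`);
  }
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/')
    .padEnd(Math.ceil(segment.length / 4) * 4, '=');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  let value;
  try {
    // fatal: true rejects invalid UTF-8 instead of substituting U+FFFD.
    value = JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes));
  } catch (e) {
    throw new Error(`${label}: not UTF-8 encoded JSON`);
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new Error(`${label}: expected a JSON object`);
  }
  return value;
}

function decodeJwt(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  }
  const header = b64urlToJson(parts[0], 'header');
  const payload = b64urlToJson(parts[1], 'payload');
  // iat and exp are seconds since the Unix epoch; show them as ISO dates.
  const times = {};
  for (const claim of ['iat', 'exp']) {
    if (typeof payload[claim] !== 'number') continue;
    const d = new Date(payload[claim] * 1000);
    if (!Number.isNaN(d.getTime())) times[claim] = d.toISOString();
  }
  // The signature is passed through untouched; nothing here checks it,
  // so the decoded claims must not be trusted for authorization.
  return { header, payload, times, signature: parts[2], verified: false };
}

// The sample token from this page.
const SAMPLE = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.' +
  'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
console.log(decodeJwt(SAMPLE));
```

A token pasted together with a "Bearer " prefix fails the base64url check on the header, which is the kind of unwanted character step 3 of How to Use refers to.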

Things to Keep in Mind

  • JWT payloads are typically encoded, not encrypted, so they should not be treated as secret by default
  • This tool is for inspecting header and payload data, not for validating the signature
  • Processing happens in the browser, but it is still safer to avoid sharing sensitive production tokens unnecessarily