Quickly decode JWT headers and payload claims locally in your browser. Automatically parses timestamps, displays claim details, and color-codes JSON structures for flawless debugging.
JWT Debugger & Decoder Guide
Decode JSON Web Tokens (JWT) instantly. Inspect headers, check payloads, and verify expiration dates without exposing secret keys.
How to Decode JSON Web Tokens:
1. Paste your encoded JWT string (containing three parts separated by dots) into the token box.
2. The decoder automatically splits the token into Header, Payload, and Signature blocks.
3. View payload claims, issue dates, expiration times, and algorithm types.
4. Check the expiration time (exp) to see whether your token is still within its validity period.
JWT Debugger Capabilities:
Three-Part Breakdown
Color-coded interface separating Header, Payload, and Signature.
Expiration Tracker
Automatically translates Unix timestamps (exp, iat) into local date-times.
Signature Verification Info
Displays algorithm details (HS256, RS256) used to sign the token.
Client-Side Decoding
Decoding is done locally, keeping sensitive payload claims private.
Technical Specifications
| Specification | Details / Limits |
|---|---|
| Standard Scope | RFC 7519 JWT Standards |
| Algorithms Supported | HS256, HS384, HS512, RS256, RS384, RS512 |
| Data Security | 100% Local Decoding, Zero Server Calls |
Frequently Asked Questions
What are the three parts of a JWT?
A JSON Web Token consists of three parts separated by dots (`.`): Header (defines algorithm and token type), Payload (contains user claims), and Signature (verifies integrity).
Is a JWT encrypted?
No. Standard JWTs are encoded using Base64URL, not encrypted. Anyone can decode and read the contents of a JWT, so you should never store sensitive data like passwords inside them.
How do I verify a JWT signature?
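To verify a JWT signature, take the encoded header and payload (the first two dot-separated segments, joined by a dot), compute the signature over them using the algorithm specified in the header and your secret key, and match the result against the signature block. For the HMAC algorithms (HS256, HS384, HS512) this is a keyed hash with the shared secret; for the RSA algorithms (RS256, RS384, RS512) the signature is checked with the issuer's public key instead. Confirm that the algorithm named in the header is one your application expects before using it.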
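
One way to carry out the check described in the answer above for an HS256 token in Node.js, as an added example that is not the tool's own code. The secret, the claims and the function names `signHS256` and `verifyHS256` are constructed for illustration.

```javascript
// Added example, not the tool's code: HS256 verification with Node's crypto module.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) => createHmac('sha256', secret).update(input).digest();

// Hypothetical helper: signs a payload so the example has a token to check.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// The caller pins HS256; the header's alg is only compared against that
// expectation and never selects the verification code path.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (header?.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (typeof payload?.exp === 'number' && nowSec >= payload.exp) {
    return { ok: false, reason: 'expired', payload };
  }
  return { ok: true, reason: 'valid', payload };
}

// Constructed sample values, not real credentials.
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const sample = signHS256({ sub: 'user-1', iat: NOW, exp: NOW + 3600 }, SECRET);
console.log(verifyHS256(sample, SECRET, NOW));
```

The expiry check runs only after the signature matches, so a claim is never trusted from a token that failed verification.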