Header
Payload
Signature
Ready

What is a JWT?

A JSON Web Token is a compact token made of three Base64URL-encoded parts: header, payload, and signature. The header describes the algorithm, the payload contains claims, and the signature lets a server verify that the token was not altered.

This decoder is useful for inspecting claims such as sub, iat, exp, issuer, audience, scope, and custom application fields. It does not verify the signature.

Practical JWT examples

Expiration debugging: decode exp and compare it with the current time when an API suddenly returns 401 or 403.

Audience checks: inspect aud, iss, and scope when a token works in one service but fails in another.

Header review: read fields such as alg and kid to confirm which signing method and key identifier a server expects.

FAQ

Can this tool verify JWT signatures?

No. Signature verification requires the secret key or public key. This page decodes the token so you can read the header and payload.

What does exp mean in a JWT?

exp is the expiration time as a Unix timestamp. The decoder converts it into an ISO date and marks whether it is expired.

What is Base64URL?

Base64URL is a URL-safe Base64 variant used by JWTs. It replaces characters that are awkward in URLs and often omits padding.

Should I paste production tokens?

Avoid pasting live secrets or bearer tokens unless you are comfortable handling them in the current browser session. The decoder reads the token in the page but does not verify or revoke it.