Decode and inspect JWT tokens to view header, payload, and signature information. All processing happens in your browser.
JWT Token Input
Paste the complete JWT token (header.payload.signature)
Token Structure
Header
Payload
Signature
Header
Payload (Claims)
Signature Information
JWT Information
Standard Claims
iss | Issuer - who created the token |
sub | Subject - who the token is about |
aud | Audience - who the token is for |
exp | Expiration Time - when token expires |
nbf | Not Before - when token becomes valid |
iat | Issued At - when token was created |
jti | JWT ID - unique identifier |
Common Algorithms
HS256 | HMAC with SHA-256 (symmetric) |
HS384 | HMAC with SHA-384 (symmetric) |
HS512 | HMAC with SHA-512 (symmetric) |
RS256 | RSA with SHA-256 (asymmetric) |
RS384 | RSA with SHA-384 (asymmetric) |
RS512 | RSA with SHA-512 (asymmetric) |
ES256 | ECDSA with SHA-256 (asymmetric) |
none | No signature (insecure) |
Privacy First
This tool only decodes JWTs client-side. It does not verify signatures or validate tokens. Never paste tokens containing sensitive data into untrusted tools.