What is a JSON Web Token (JWT)?

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.

The Structure of a JWT

A JWT consists of three parts separated by dots (.):

Header: Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA. This JSON is Base64Url encoded to form the first part of the JWT.
Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims. This JSON is Base64Url encoded to form the second part of the JWT.
Signature: To create the signature part, you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. The signature is used to verify the message wasn't changed along the way.

How This JWT Decoder Works

This tool provides a secure and straightforward way to decode and inspect JWTs:

Client-Side Security: All decoding happens directly in your browser. Your token, which may contain sensitive information, is never transmitted to our servers.
Instant Analysis: Simply paste your JWT into the input field. The tool will instantly parse the token and display the decoded Header and Payload in a readable, formatted JSON structure.
No Signature Verification: For your security, this tool does not ask for your secret key and therefore does not verify the token's signature. Never paste your secret key into any online tool.