About JWT Decoder
Decode any JWT to inspect its header, payload claims, and signature. The tool automatically detects the algorithm, parses the timestamp claims (exp, iat, nbf) into human-readable dates, and shows the expiry status. All three JWT parts are shown in a color-coded visualization.
JWT Structure
Header: Contains algorithm (alg) and token type (typ). Common algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512.
Payload: Contains claims. Registered claims: iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before time), iat (issued at time), jti (JWT ID). Public claims: Custom claims defined by applications.
Signature: Verifies token authenticity. The decoder shows the signature but does not verify it (verification requires the secret or public key).
Timestamp Parsing
Expiration (exp): Shows expiry date/time and indicates if token is expired.
Issued At (iat): Shows when token was created.
Not Before (nbf): Shows when token becomes valid.
Algorithm Detection
Automatically detects the algorithm from the header and shows the algorithm type (HMAC, RSA, ECDSA). Validates that the algorithm is properly formatted.
Security Notes
Decoding only reveals the token contents. Signature verification requires the secret key (for HS256) or public key (for RS256/ES256). Never share your JWT secret key. Never paste production tokens with sensitive data into any online tool without understanding the risks.
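The decoding steps described above can be run locally in Node.js, so a token never has to leave the machine. The following is an added example, not this tool's own code; the function names, the result fields, and the sample token are assumptions constructed for illustration.

```javascript
// Added example: decode a JWT locally. The signature is shown, never verified.
const FAMILIES = { HS: "HMAC", RS: "RSA", ES: "ECDSA" };

function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("segment is not base64url");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Map alg names such as HS256 / RS384 / ES512 to a family; reject malformed names.
function classifyAlg(alg) {
  const m = /^(HS|RS|ES)(256|384|512)$/.exec(String(alg));
  return m ? FAMILIES[m[1]] : "unrecognized";
}

function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  const dates = {};
  for (const claim of ["exp", "iat", "nbf"]) {
    // NumericDate claims are seconds since the Unix epoch.
    if (typeof payload[claim] === "number") {
      dates[claim] = new Date(payload[claim] * 1000).toISOString();
    }
  }
  return {
    header, payload, dates,
    algFamily: classifyAlg(header.alg),
    expired: typeof payload.exp === "number" ? nowSeconds >= payload.exp : null,
    notYetValid: typeof payload.nbf === "number" && nowSeconds < payload.nbf,
    signature: parts[2],
    signatureVerified: false, // decoding alone proves nothing about authenticity
  };
}

// Constructed sample token; the signature part is a placeholder, not a real MAC.
function makeSampleToken() {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const header = { alg: "HS256", typ: "JWT" };
  const payload = { sub: "user-123", iat: 1700000000, nbf: 1700000000, exp: 1700003600 };
  return [enc(header), enc(payload), "placeholder-signature"].join(".");
}

console.log(decodeJwt(makeSampleToken()));
```

The result always carries signatureVerified: false, so claims decoded this way must not be used for authorization decisions.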