JWT Decoder

Parse JSON Web Token to view Header and Payload info.

Header

Waiting for decode...

Payload

Waiting for decode...

What is a JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. It is commonly used for authentication after a user logs in.

A JWT typically consists of three parts, separated by dots .: Header, Payload, and Signature.

How to use this tool?

  1. Paste Token: Paste your long JWT string into the input box.
  2. Auto Parse: The tool will automatically split it into three parts and display the content as formatted JSON.
  3. Inspect: You can clearly see the User ID, Expiration Time (exp), and the signing algorithm.

Why use a JWT Decoder?

  • Debugging Authentication: Developers need to check if the Token has expired or if the user information inside is correct.
  • Troubleshooting Permissions: Check if the user’s Role or Scope is correctly written in the Token.
  • Security Checks: Verify if the Token’s signature is valid (requires secret key).

Frequently Asked Questions (FAQ)

Can I modify the content of a JWT?

You can decode and view the content, but you cannot modify it arbitrarily. The third part of a JWT is the signature, which is generated based on the first two parts and a secret key. If you modify the content, the signature will become invalid, and the server will reject the Token.

Is this tool secure?

This tool runs entirely in your browser (client-side). Your Token is not sent to any server, so you can safely debug test environment tokens. However, for security reasons, please do not use any online tool with sensitive production tokens.