JWT Token
About JWT Tokens
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three Base64URL-encoded parts: a header, a payload, and a signature, separated by dots.
Security Note
This decoder runs entirely in your browser. No tokens are sent to any server. However, never paste production tokens with sensitive data into any online tool. JWTs are signed, not encrypted — anyone can read the payload.
Registered Claims
The JWT spec defines standard claims: iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), and jti (JWT ID).
Common Algorithms
The alg header field specifies the signing algorithm. Common values include HS256 (HMAC), RS256 (RSA), and ES256 (ECDSA). The algorithm determines how the signature is computed and verified.