JSON Web Tokens are compact, URL-safe tokens for authentication. A JWT has three parts: Header (algorithm), Payload (claims), and Signature (verification). Decode JWTs to inspect their contents.
Paste JWT token (starts with 'eyJ...') into input. Tool splits into Header, Payload, and Signature. Decodes from Base64URL to JSON. Shows expiration status automatically.
Debug authentication flows. Inspect token claims (user ID, roles, permissions). Verify expiration times. Examine signing algorithms. Troubleshoot OAuth 2.0 and OpenID Connect. Check tokens from Auth0, Firebase, AWS Cognito.
JWT format: Header.Payload.Signature (Base64URL-encoded). Header has algorithm (HS256, RS256, ES256) and type. Payload has claims (iss, sub, exp, iat). Signature uses HMAC or RSA/ECDSA. Decoding only, no signature verification.
JSON Web Token (RFC 7519) is a compact, URL-safe token with three Base64URL parts: Header, Payload, Signature. Used for stateless API authentication.
Paste JWT string. Tool splits into parts, Base64URL-decodes, and JSON-parses Header and Payload.
Never paste production tokens with sensitive data into untrusted tools. This tool runs locally, but verify before use.
Only decodes and displays structure. Signature verification needs the secret or public key.
'iss' (issuer), 'sub' (subject), 'aud' (audience), 'exp' (expiration Unix timestamp), 'iat' (issued at), 'nbf' (not before), 'jti' (token ID).
Transform, format, generate, and encode data instantly. Private, fast, and always free.
Browse All Tools