What is a JWT and why would I need to decode one?

JWT (JSON Web Token) is a compact, URL-safe way to represent claims between parties. You may need to decode a JWT to inspect its payload for debugging, verify its expiration time, or understand which claims it contains — common during development or security audits.

Does this tool validate the JWT signature?

Yes, the tool attempts to validate the signature for common algorithms like HS256 and RS256. It displays whether the signature is valid or not, helping you ensure the token hasn't been tampered with.

Is my JWT data secure when using this decoder?

Yes, 100% secure. All processing occurs entirely in your browser using JavaScript. Your JWT is never sent to our servers, stored, or logged. The tool is completely private.

What algorithms are supported for signature validation?

The tool supports the most common JWT algorithms, including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, and ES512. It will attempt to validate the signature if the appropriate key is provided or if the algorithm allows verification.

What is the difference between JWT decoding and JWT validation?

Decoding a JWT simply extracts and displays the header and payload without verifying the signature. Validation checks the signature to ensure the token hasn't been altered and that it hasn't expired. Our tool does both — you get the decoded data plus a signature validity indicator.

Are there any limitations to this free JWT decoder?

Free with no account required — decodes any standard JWT instantly in your browser. The header and payload are never sent to any server.

JWT Decoder — Inspect Token Claims & Expiry Free Online

Decode, validate, and inspect JSON Web Tokens (JWT) instantly. View the header, payload, andsignature status. All processing runs locally in your browser with 100% privacy — no signup or upload required.

Quick Answer

How do I check if a JWT is expired or see its claims?

Paste your JWT into the decoder above. It instantly shows the header (algorithm), payload (claims including exp, iat, sub, aud), and whether the token is currently expired based on the exp timestamp. No private key is needed to decode — JWT payloads are Base64URL-encoded JSON, not encrypted.

Security & Encoding★ Free forever✓ No account🔒 No upload📴 Works offlineUpdated April 28, 2026

JWT Decoder — Headers, Claims, Expiration, Privacy-First

Decode JSON Web Tokens to inspect headers, claims, and signing algorithm. All decoding happens locally — production tokens never leave your browser.

Browse all tools Browse more security & encoding tools·Built by Achraf A., Full-Stack Developer · Morocco

JWT token

Standard JWT claim reference

issIssuer

Identifies the principal that issued the JWT.

subSubject

Identifies the principal that is the subject of the JWT (usually a user ID).

audAudience

Identifies the recipients that the JWT is intended for.

expExpiration Time

Unix timestamp after which the JWT must not be accepted.

nbfNot Before

Unix timestamp before which the JWT must not be accepted.

iatIssued At

Unix timestamp at which the JWT was issued.

jtiJWT ID

Unique identifier for this token to prevent replay attacks.

nameFull Name

User's full name (OpenID Connect standard claim).

emailEmail

User's email address (OpenID Connect standard claim).

picturePicture URL

URL of the user's profile picture (OpenID Connect standard claim).

roleRole

User role or permission level (application-specific claim).

rolesRoles

Array of user roles (application-specific claim).

scopeScope

OAuth 2.0 scope — the permissions granted by this token.

azpAuthorized Party

Client ID of the application the token was issued to.

sidSession ID

Session identifier; can be used to bind token to a session.

JWT algorithm comparison

Algorithm	Type	Use case	Safe?
HS256	HMAC	HMAC with SHA-256. Symmetric: same secret signs and verifies. Simple but secret must be shared.	Yes
HS384	HMAC	HMAC with SHA-384. Same as HS256 but larger hash. Rarely needed.	Yes
HS512	HMAC	HMAC with SHA-512. Same as HS256 but largest hash.	Yes
RS256	RSA	RSA with SHA-256. Asymmetric: private key signs, public key verifies. Preferred for public APIs.	Yes
RS384	RSA	RSA with SHA-384.	Yes
RS512	RSA	RSA with SHA-512.	Yes
ES256	ECDSA	ECDSA with P-256 and SHA-256. Smaller keys than RSA, same security. Preferred for mobile.	Yes
ES384	ECDSA	ECDSA with P-384 and SHA-384.	Yes
ES512	ECDSA	ECDSA with P-521 and SHA-512.	Yes
none	None	No signature. The token is completely unsigned and unverifiable.	Dangerous
PS256	RSA-PSS	RSASSA-PSS with SHA-256. More secure than RS256, recommended for new systems.	Yes

Was this tool helpful?

What is JWT Decoder?

A JSON Web Token (JWT) is a compact, URL-safe representation of claims to be transferred between two parties. Defined in RFC 7519 and ratified in 2015, JWTs are now the dominant token format for stateless authentication and authorization on the web — they power OAuth 2.0 access tokens, OpenID Connect identity tokens, server-to-server API authentication, single sign-on (SSO) implementations, password reset links, email verification flows, and the session tokens of countless modern applications. The format's design lets a server hand the client a small string that proves identity and authorization without the server needing to remember anything about the session — a property that makes JWTs excellent for horizontally scaled systems but also surfaces an unusual set of security pitfalls.

A JWT consists of three Base64URL-encoded segments separated by dots: header.payload.signature. The header declares the signing algorithm (HS256, RS256, ES256, EdDSA) and optionally a key identifier. The payload is a JSON object containing claims — standardized fields like 'iss' (issuer), 'sub' (subject), 'aud' (audience), 'exp' (expiration time), 'nbf' (not before), 'iat' (issued at), and 'jti' (JWT ID), alongside any application-specific claims like user roles, account IDs, or feature flags. The signature is a cryptographic proof, computed over the encoded header and payload using the secret or private key identified in the header, that lets recipients verify the token has not been tampered with. Decoding the token reveals the header and payload as readable JSON; the signature itself is binary and rarely human-meaningful.

This decoder focuses on inspection, not verification. Decoding a JWT only reveals what is inside the token; it does not prove the token is valid. Signature verification — confirming that the token was issued by the expected key holder and has not been modified — requires the public key (for RS256, ES256, EdDSA) or shared secret (for HS256) of the issuing party, and is intentionally not part of the inspection workflow. That separation is by design: inspection is the right tool when you are debugging what an existing token contains; verification is the right tool when your application is enforcing access. Mixing the two is one of the most common JWT-related security bugs in real-world code.

JWT security has a well-documented set of pitfalls that a decoder helps you spot during code review and incident response. The most famous is the 'alg:none' vulnerability — early JWT libraries accepted tokens with the algorithm header set to 'none', which meant any caller could create a token by simply Base64-encoding a payload with no signature. Modern libraries reject 'none' by default, but legacy systems and bespoke implementations occasionally retain the bug. A decoder that surfaces the algorithm makes that vulnerability visible. The second common pitfall is algorithm confusion — accepting a token signed with HS256 (symmetric) when the verifier was configured for RS256 (asymmetric), which lets an attacker use the public key as a signing secret. Watch the alg field carefully when troubleshooting authentication issues across services.

Time-based claims (exp, nbf, iat) are the second most consequential thing to inspect. The 'exp' claim is a Unix timestamp specifying when the token stops being valid; tokens past exp should be rejected by every conformant verifier. The 'nbf' (not before) claim provides the lower bound; the 'iat' (issued at) claim records issuance time. Real-world clock skew between systems is a frequent cause of authentication failures: a token that the issuing server considers freshly minted may be rejected by a verifier whose clock is two minutes behind. Most production verifiers tolerate a few seconds of skew; if you see authentication fail with 'token not yet valid' messages, clock drift is the first thing to check.

Best practices for handling JWTs have tightened considerably since the format's introduction. Tokens should have short lifetimes (typically 5–60 minutes for access tokens), be paired with longer-lived refresh tokens for re-issuance, and be transmitted over HTTPS only. Sensitive information should not be placed in claims because the payload is base64-encoded but not encrypted — anyone with the token can read it. For confidentiality, use JSON Web Encryption (JWE, RFC 7516) instead of plain JWT. For revocation before expiration, maintain a server-side denylist or use opaque tokens backed by a session store. The right primitive depends on your threat model; a decoder lets you confirm which choices the system made.

How to use JWT Decoder

1
Paste the JWT
Copy the full token from your app, the Authorization header, your application logs, or browser developer tools. The decoder accepts the standard three-segment 'header.payload.signature' format.
2
Inspect the header
Confirm the algorithm (alg) is what you expect — HS256 for shared-secret, RS256 or ES256 for asymmetric. Watch for 'alg:none' which indicates a serious vulnerability or test artifact.
3
Review the payload claims
Check standard claims (iss, sub, aud, exp, nbf, iat, jti) and any application-specific claims (roles, scopes, account IDs). The decoder converts Unix timestamps to human-readable dates so expiration is obvious.
4
Compare against expected values
Diff a working token against a failing token to spot which claim differs. Most authentication failures are due to mismatched 'aud', missing scopes, or expired 'exp' — all of which are visible in the decoded payload.

Key features and benefits

Decodes header and payload to readable JSON with proper UTF-8 handling
Converts Unix timestamps (exp, nbf, iat) to local time and ISO 8601 format
Highlights expired or not-yet-valid tokens with a clear visual warning
Detects 'alg:none' tokens and surfaces the warning prominently
Identifies missing required claims (iss, exp) for common compliance configurations
Decoding happens locally — production tokens, secrets, or PII in claims never leave your browser
Supports compact JWS, including tokens with non-standard claim names and Unicode values
No quotas, ads in output, or sign-up walls — open it and inspect tokens at any volume

Common use cases

A backend engineer debugging a 401 response from an internal API decodes the token from the failing request, sees that the audience claim is 'service-a' while the consumer expects 'service-b', and traces the bug to a misconfigured token issuer that was deployed in last night's release.

A security reviewer auditing a third-party integration decodes sample tokens from the vendor's documentation and discovers that the alg field is HS256, which means the vendor expects symmetric signing — implying that any consumer of the token must possess the shared signing secret, which has implications for key management.

An SRE responding to a login outage decodes a captured token from a user's bug report and finds that the exp timestamp is two hours in the past. The team then traces the issue to a clock drift on one of the auth pods, which is a much faster diagnosis than restarting services blindly.

A QA engineer writing test fixtures for a new permission system decodes the token issued for each test persona and verifies that the role claim, scope list, and tenant ID match the persona definition. Mismatches caught at the fixture stage prevent flaky tests later.

A developer migrating from session-based authentication to JWTs decodes tokens from the new system and confirms they include all the claims the rest of the application expects (user_id, organization_id, feature flags). Missing claims surface in the decoder before they cause production bugs.

A penetration tester reviewing a target application captures tokens during normal use and decodes them to identify whether the system uses 'alg:none' (a clear vulnerability), whether claims include sensitive data that should not be in plaintext, and whether the issuing endpoint signs with a weak HS256 key.

An OAuth implementer building a federated login flow decodes the id_token returned by the identity provider to verify the audience matches their client_id, the issuer matches the IdP's documented value, and the email claim is present and verified. Each of these checks is required by the OpenID Connect specification.

Why browser-based works better

Privacy is the most important difference. JWTs in production frequently contain user identifiers, email addresses, organization IDs, role assignments, and occasionally PII like full names or phone numbers. Pasting a real token into a hosted decoder is functionally a data leak — the operator can log the token, and any intermediate proxy may persist it. A purely client-side decoder eliminates that exposure entirely.

Security-aware UX is the second differentiator. The decoder highlights known vulnerabilities (alg:none), expired tokens, and missing required claims, all of which are easy to miss when reading raw JSON. Surfacing these at decode time helps catch issues during code review or incident response that might otherwise reach production.

Speed is the third advantage. The decoder shows the structured output the moment you paste the token; there is no submit button, no spinner, no upload. For developers who decode dozens of tokens during a typical debugging session, that latency matters more than it sounds — it keeps the workflow synchronous with the rest of your debugging instead of inserting an asynchronous wait into every inspection.

Unicode and edge-case correctness is the fourth advantage. JWT payloads can contain UTF-8 strings (display names, organization labels, email addresses with international characters) and unusual numeric types (BigInts for high-precision IDs). Naive decoders that use the browser's atob() corrupt UTF-8 silently. This decoder uses TextEncoder/TextDecoder to handle any conformant payload correctly, including emoji and astral-plane characters.

You might also need

Continue this workflow with nearby browser-based tools so you can validate, convert, and ship output without context switching.

References and standards

JWT Decoder FAQs

Quick answers about the workflow, privacy, and where this tool fits in a broader job.

Are the tokens I paste sent to your server?

No. Decoding happens entirely in your browser. The page makes no network request that contains your token, so production credentials, session identifiers, or PII embedded in claims never reach our infrastructure or any third party.

Does decoding verify the signature?

No. Decoding only reveals what is inside the token; it does not prove the token is unmodified or genuinely issued by the expected party. Signature verification requires the issuer's public key (for RS256, ES256) or shared secret (for HS256) and is a separate step that should happen in your application's auth middleware, not in a debugging tool.

What does 'alg:none' mean and why is it flagged?

'alg:none' is a JWT header value indicating the token has no signature. Early JWT libraries accepted such tokens, which meant any client could forge a token by Base64-encoding any payload they wanted. Modern libraries reject 'none' by default, but the decoder flags it so legacy or misconfigured systems can be identified during review.

How do I tell if my token is expired?

The 'exp' claim contains the expiration timestamp as Unix seconds. The decoder converts it to local time and ISO 8601 format, and flags tokens past their expiration with a visible warning. If your token has no 'exp' claim, that itself is worth questioning — most production tokens should have a bounded lifetime.

What is the difference between HS256 and RS256?

HS256 uses a shared secret — both issuer and verifier need the same key, which is fine for monoliths but problematic when multiple parties verify tokens. RS256 uses public-key cryptography — the issuer holds a private key, verifiers hold the corresponding public key. RS256 is preferred for any system where multiple services or third parties need to verify tokens.

Can I read encrypted JWTs (JWE) here?

No. JWE (JSON Web Encryption, RFC 7516) is a different format that wraps an encrypted payload. Decoding a JWE without the recipient's decryption key only reveals the protected header. This decoder targets JWS (signed JWTs), which is the more common format and what most authentication systems use.

Should I trust a token I decoded here?

Decoding shows you the contents but does not prove authenticity. Treat decoded contents as untrusted input until your application has verified the signature. Specifically, do not enforce permissions or grant access based on decoded claims alone — that pattern has caused real-world security incidents.

Why do timestamps look wrong (1970s, far future)?

Almost always because the timestamps are in the wrong unit. JWT timestamps are Unix seconds (since 1970-01-01), but some libraries or hand-coded tokens accidentally use Unix milliseconds. A timestamp in milliseconds, interpreted as seconds, lands far in the future. Spot-check by computing what year the timestamp represents.

What does the 'kid' header field do?

The 'kid' (key ID) header field tells the verifier which key was used to sign the token, when the issuer rotates between multiple keys. This is essential for any production OIDC integration — the identity provider publishes a JWKS endpoint listing valid keys by ID, and the verifier picks the right one based on the 'kid' value.

Is it safe to share a token with a teammate for debugging?

Treat tokens like temporary credentials. Sharing through a secure channel (encrypted chat, secret-sharing tool) is fine for debugging within a trusted team. Avoid email, public ticket comments, or any channel where the token might be logged. After debugging, treat the shared token as compromised and rotate any underlying credentials if necessary.

What length should I expect for a normal JWT?

Typical JWTs are 200–500 characters. Tokens significantly longer than that often indicate the payload contains too much data (full user objects, embedded permissions trees) and may benefit from being trimmed to essential claims with the rest fetched server-side.

Why does my token decode here but fail verification in my code?

Most often a clock-skew issue (token expired between issuance and verification due to clock differences), an audience mismatch (the verifier expects 'aud' = 'api-x' but the token has 'aud' = 'api-y'), or an algorithm mismatch (the verifier configured for RS256 receives an HS256 token). The decoder helps you see which one applies.

Keep the workflow moving with nearby tools that solve the next likely step.

Built and maintained by

Achraf A.

Founder & developer — built and maintains every tool on this site

Last updated: April 28, 2026

Tested in Chrome, Firefox, and Safari on desktop and mobile.

What the token actually contains

A JWT is three Base64url-encoded chunks separated by dots: a header, a payload, and a signature. The header and payload are readable by anyone — they're not encrypted, just encoded. The signature is what proves authenticity, and it requires the server's secret key to verify.

When an auth bug goes dark — a 401 that shouldn't be happening, a user who can't access a resource they should have permission for — the first step is reading what's actually in the token. I wrote about this in Reading JWT Tokens Without a Library — you can decode any token in 10 seconds with just a browser.

Fields to check when debugging auth

Field	What it means	What to check
exp	Expiry time (Unix timestamp)	Is it in the past? Compare to Date.now() / 1000
iat	Issued at time	Is it suspiciously old or in the future?
iss	Issuer	Does it match the expected auth server?
aud	Audience	Does it include your API/service?
sub	Subject (user ID)	Is it the correct user?
scope / roles	Permissions granted	Does it include the required scope for this endpoint?
alg (header)	Signing algorithm	Is it RS256 or HS256? Never "none"

What this tool does NOT do

Signature verificationThis tool decodes the header and payload — it does not verify the signature. You need the server's public key (for RS256) or shared secret (for HS256) to verify authenticity. Never trust a JWT's claims without verifying the signature on the server.
JWE (encrypted tokens)JWE tokens are encrypted, not just signed. They look like 5-part strings (4 dots). This tool decodes JWS (signed) tokens only — JWE will not decode meaningfully.

The decoder runs entirely in your browser. Your tokens — which may contain user IDs, scopes, and session data — never leave your device.

JWT standard claims — what each field means

The JWT spec (RFC 7519) defines a set of registered claim names. You'll see these in the decoded payload — here's what each one means:

Claim	Full name	Meaning	Type
iss	Issuer	Who issued the token (e.g., "https://auth.example.com")	String
sub	Subject	The user or entity the token is about (e.g., user ID)	String
aud	Audience	Who the token is intended for — your API should verify this matches	String or array
exp	Expiration time	Unix timestamp (seconds) after which the token is invalid	Number
iat	Issued at	Unix timestamp when the token was created	Number
nbf	Not before	Unix timestamp before which the token must not be accepted	Number
jti	JWT ID	Unique identifier for this specific token — used to prevent replay attacks	String
scope / scp	Scope (OAuth 2.0)	Space-separated list of permissions granted to the token	String
roles / groups	Custom (not in RFC)	User roles or group memberships — added by auth providers like Auth0, Okta	Array

Timestamps (exp, iat, nbf) are Unix epoch seconds — divide by 1000 to convert to JavaScript Date milliseconds, or paste into a Unix timestamp converter.