Loading JWT Decoder...
About JWT Decoder
Paste a JWT and see what's inside. The decoder splits it into header, payload, and signature, showing you the claims, expiration time, and algorithm used. Essential for debugging authentication issues.
JWTs look like random strings but contain structured JSON data encoded in base64. This tool decodes them so you can see the actual contents—user IDs, permissions, expiration times, and any custom claims your application uses.
How to use JWT Decoder
Copy a JWT from your application, API response, or browser dev tools.
Paste it into the input field.
View the decoded header (algorithm info) and payload (claims).
Check the 'exp' claim to see if the token is expired.
Inspect claims like 'sub', 'roles', or custom fields.
Examples
JWT structure
A JWT has three parts separated by dots: header.payload.signature
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4ifQ. SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c ↑ header ↑ payload ↑ signature
Decoded payload
The payload contains claims—key-value pairs with user data and metadata:
{
"sub": "1234567890", // Subject (user ID)
"name": "John Doe", // Custom claim
"iat": 1516239022, // Issued at (Unix timestamp)
"exp": 1516242622 // Expires at (Unix timestamp)
}Checking expiration
The 'exp' claim is a Unix timestamp. Compare with current time to check validity:
exp: 1705084800 Current time: 1705100000 1705100000 > 1705084800 Token is EXPIRED (4+ hours ago)
Features
When to use this
- •Debugging 401 Unauthorized errors
- •Checking if a token has expired
- •Verifying user claims and permissions
- •Understanding what data your auth tokens contain
- •Troubleshooting JWT validation failures
- •Learning how JWT authentication works