What is a JWT?

A JWT (JSON Web Token) is a compact, URL-safe token used to securely transmit information between parties. It consists of three Base64URL-encoded parts separated by dots:

Header — algorithm and token type (e.g. HS256, RS256)
Payload — the claims (user data, expiry, issuer, etc.)
Signature — verifies the token has not been tampered with

Standard JWT Claims

Claim	Full Name	Description
`sub`	Subject	The user ID the token refers to
`iss`	Issuer	Who issued the token (e.g. your auth server)
`aud`	Audience	Who the token is intended for
`exp`	Expiration	When the token expires (Unix timestamp)
`iat`	Issued At	When the token was created (Unix timestamp)
`nbf`	Not Before	Token is not valid before this time
`jti`	JWT ID	Unique identifier for this token

FAQ

Yes. The decoding happens entirely in your browser using JavaScript. Your token is never sent to our server. You can verify this by checking your browser's network tab — no requests are made when you click Decode.

No. Signature verification requires the secret key (HS256) or public key (RS256/ES256) which only your server knows. This tool decodes and inspects the payload — always verify signatures server-side.

The exp claim is a Unix timestamp. If the current time is past that value, the token is expired. Your auth server will reject it. Request a new token by logging in again or using a refresh token.

JWT Decoder

What is a JWT?

Standard JWT Claims

FAQ

Related Tools

JWT Decoder

What is a JWT?

Standard JWT Claims

FAQ

Is it safe to paste my JWT here?

Can this tool verify the JWT signature?

Why is my JWT expired?

Related Tools