Free JWT Decoder - JSON Web Token Inspector
Decode JSON Web Tokens (JWTs) to inspect their header and payload contents instantly. Perfect for debugging authentication flows, verifying token claims, and understanding the structure of OAuth2 and OpenID Connect tokens without using external services that might compromise token privacy.
How to Use
Paste your JWT string into the input area. The token is automatically decoded and its three parts - header, payload, and signature - are displayed in readable JSON format. Copy individual sections or the entire decoded output with a single click.
JWT Structure
- Header: Contains metadata about the token including the signing algorithm (typically HS256 or RS256) and token type (JWT)
- Payload: Contains the claims - statements about the user (subject, issuer, expiration time) and any custom data embedded by the application
- Signature: The cryptographic hash that verifies the token has not been tampered with. Note: this tool decodes only - verification requires the secret key
Common JWT Claims
Standard claims you will encounter include sub (subject - the user ID), iss (issuer - who created the token), exp (expiration timestamp), iat (issued-at timestamp), aud (audience - intended recipient), and custom claims specific to your application.
Privacy
Decoding happens entirely in your browser. Tokens are never sent to any server. Your authentication tokens and any user data they contain stay completely private.
Last reviewed: July 2026.