🎫 JWT Token Decoder

Decode JWT online and view Header and Payload contents

⚠️ Do not enter production JWT Tokens containing sensitive information in this tool

📚 User Guide

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties. It consists of three parts separated by dots (.):

  1. Header: Contains the token type and the signing algorithm
  2. Payload: Contains claim information (user data)
  3. Signature: Used to verify token integrity

JWT Structure

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Header.Payload.Signature

Common Header Fields

  • alg: Signing algorithm (e.g. HS256, RS256)
  • typ: Token type (usually JWT)
  • kid: Key ID

Common Payload Fields

  • iss: Issuer
  • sub: Subject
  • aud: Audience
  • exp: Expiration Time
  • nbf: Not Before
  • iat: Issued At
  • jti: JWT ID (unique identifier)

Common Signing Algorithms

  • HS256: HMAC + SHA256 (symmetric)
  • RS256: RSA + SHA256 (asymmetric)
  • ES256: ECDSA + SHA256 (elliptic curve)

Use Cases

  • User authentication
  • API authorization
  • Single Sign-On (SSO)
  • Information exchange

Security Notes

  • ❌ Do not store sensitive information (e.g. passwords) in the Payload
  • ✅ Transmit tokens over HTTPS
  • ✅ Set a reasonable expiration time
  • ✅ Verify the signature to ensure integrity
  • ✅ Use strong keys (at least 256 bits)