JWT Decode Online Tool

Decode and inspect JSON Web Tokens (JWT) instantly in your browser. This free JWT decoder extracts and displays the header, payload, and claims from any JWT token. Perfect for debugging OAuth 2.0, OpenID Connect, and API authentication.

How to Use This JWT Decoder

  1. Paste your JWT token in the text area below
  2. Click the “Decode JWT” button
  3. View the decoded header and payload with formatted JSON

What You’ll See in the Decoded Output

Section | Contains
Header | Algorithm (HS256, RS256), token type
Payload | Claims: sub, iss, exp, iat, custom data

ℹ️ What is a JSON Web Token (JWT)?

A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. JWTs are widely used in:

  • OAuth 2.0 & OpenID Connect (OIDC): ID tokens and access tokens
  • API Authentication: Stateless authentication for REST APIs
  • Single Sign-On (SSO): Session tokens across multiple applications
  • Microservices: Service-to-service authentication

JWT Structure (3 parts separated by dots):

  1. Header: Algorithm (HS256, RS256) and token type (JWT)
  2. Payload: Claims (data) like user ID, expiration time, issuer
  3. Signature: Cryptographic signature to verify token integrity

Common JWT Claims:

  • exp (Expiration Time): When the token expires (Unix timestamp)
  • iat (Issued At): When the token was created
  • nbf (Not Before): Token is not valid before this time
  • iss (Issuer): Who created the token (e.g., auth server URL)
  • aud (Audience): Who the token is intended for
  • sub (Subject): User identifier (e.g., user ID)

🔒 Privacy & Security Notice

Client-side decoding only: This JWT decoder runs 100% in your browser using JavaScript. No JWT tokens are transmitted to any server. Your tokens remain completely private.

⚠️ Note: This tool only decodes JWTs (Base64URL decoding). It does not verify signatures. Always validate JWT signatures on your backend server before trusting the token data.


Frequently Asked Questions

What is JWT decode?

JWT decode is the process of extracting the header and payload data from a JSON Web Token. JWTs are Base64URL encoded, so decoding reveals the JSON data inside without needing the secret key. This is useful for debugging and inspecting token contents.

Is it safe to decode JWT in the browser?

Yes, decoding a JWT is safe because it only reveals the Base64URL-encoded header and payload data. However, remember that decoding is NOT the same as verifying. Always verify JWT signatures on your server before trusting the token data for authentication or authorization decisions.

How do I decode JWT in JavaScript?

You can decode JWT using the popular jwt-decode npm package:

// Using the jwt-decode npm package
// (v4+ exports jwtDecode by name; v3 used a default export)
import { jwtDecode } from 'jwt-decode';

const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...';
const decoded = jwtDecode(token);
console.log(decoded); // { sub: '123', name: 'John', iat: 1234567890 }

Or manually decode without any library:

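// Manual JWT decode (no library needed)
const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...';
// JWT segments are Base64URL: map '-' and '_' back to '+' and '/' before atob()
const base64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
const payload = JSON.parse(atob(base64));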
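A more defensive version of the manual decode, as an added example that is not part of the original page: it goes beyond the one-liner by handling UTF-8 claim values and malformed input, and by checking the exp, nbf and iat claims against a supplied time. The names b64urlToUtf8, inspectJwt, encodeSegment and SAMPLE_TOKEN are assumptions of this example, and the sample token is constructed.

```javascript
// Added example: decode-only JWT inspection. It never verifies the signature.

// Base64URL segment -> UTF-8 text. atob() accepts only the standard alphabet and
// returns one character per byte, so map the alphabet, pad, then decode as UTF-8.
function b64urlToUtf8(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('segment is not Base64URL');
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const binary = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  const bytes = Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// nowSeconds is injectable so the time checks are reproducible.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = JSON.parse(b64urlToUtf8(parts[0]));
  const payload = JSON.parse(b64urlToUtf8(parts[1]));
  const warnings = [];
  if (parts[2] === '' || String(header.alg).toLowerCase() === 'none') {
    warnings.push('unsigned token');
  }
  if (typeof payload.exp === 'number' && nowSeconds >= payload.exp) warnings.push('expired (exp)');
  if (typeof payload.nbf === 'number' && nowSeconds < payload.nbf) warnings.push('not yet valid (nbf)');
  if (typeof payload.iat === 'number' && payload.iat > nowSeconds) warnings.push('issued in the future (iat)');
  // Decoding proves nothing about authenticity; the server must still verify.
  return { header, payload, warnings, signatureVerified: false };
}

// Constructed sample token (the signature segment is a placeholder, not a real MAC).
const encodeSegment = (obj) =>
  btoa(String.fromCharCode(...new TextEncoder().encode(JSON.stringify(obj))))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  encodeSegment({ alg: 'HS256', typ: 'JWT' }),
  encodeSegment({ sub: '123', name: 'Zoë', iat: 1700000000, exp: 1700003600 }),
  'cGxhY2Vob2xkZXI',
].join('.');

console.log(inspectJwt(SAMPLE_TOKEN, 1700000100)); // inside the validity window, no warnings
console.log(inspectJwt(SAMPLE_TOKEN, 1700003600).warnings); // [ 'expired (exp)' ]
```

The result always carries signatureVerified: false, so a caller cannot mistake inspected claims for authenticated ones.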

What’s the difference between jwt-decode and jsonwebtoken npm packages?

Package | Purpose | Verification
jwt-decode | Client-side decoding only | No signature verification
jsonwebtoken | Server-side signing & verification | Full signature verification

Use jwt-decode for reading token contents in the browser. Use jsonwebtoken on your server for creating and verifying tokens.

How do I decode JWT in TypeScript?

The jwt-decode npm package includes TypeScript definitions:

// jwt-decode v4+ uses named exports (v3 exported jwtDecode as the default)
import { jwtDecode, JwtPayload } from 'jwt-decode';

interface MyToken extends JwtPayload {
  name: string;
  email: string;
}

const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...';
const decoded = jwtDecode<MyToken>(token);
console.log(decoded.name, decoded.email);
