JWT Encoder/Decoder
Paste a JWT to decode it, or edit header/payload/signature and build a new token. Values are not verified cryptographically.
Paste a JWT to decode it, or edit header/payload/signature and build a new token. Values are not verified cryptographically.
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It has three Base64-encoded parts separated by dots: a header (algorithm and token type), a payload (claims like user ID, expiration time, and roles), and a signature. JWTs are stateless, meaning the server doesn't need to store session data - the token itself carries all the information.
Paste a JWT to decode its header and payload instantly. The tool shows each part in formatted JSON, and when the payload carries the standard time claims it reads iat, nbf, and exp into readable dates and tells you whether the token is still valid or already expired. You can also build a JWT by entering header and payload values. Note: signature verification requires the secret key, which this tool intentionally doesn't store.
iss (issuer) identifies who created the token. sub (subject) is usually the user ID. exp (expiration) is a Unix timestamp for when the token expires. iat (issued at) is when the token was created. aud (audience) specifies the intended recipient. Custom claims can include anything your application needs, like roles or permissions.