JWT Decoder

Decode and inspect JSON Web Tokens. View header, payload, and claims without verification.

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. JWTs are commonly used for authentication and authorization in web applications and APIs.

JWT Structure

A JWT consists of three parts separated by dots:

  • Header: Contains the token type and signing algorithm (e.g., HS256, RS256)
  • Payload: Contains the claims, which are statements about the user and additional metadata
  • Signature: Used to verify the token hasn't been tampered with

Common Claims

  • iss (Issuer): Who created the token
  • sub (Subject): The user or entity the token represents
  • aud (Audience): Who the token is intended for
  • exp (Expiration): When the token expires
  • iat (Issued At): When the token was created
  • nbf (Not Before): Token not valid before this time

Use Cases

  • API Authentication: Debug tokens from OpenAI, Anthropic, and other AI APIs
  • OAuth Debugging: Inspect access tokens and ID tokens
  • Session Management: Verify user session tokens
  • Security Analysis: Check token expiration and claims

Security Note

This tool decodes tokens locally in your browser; nothing is sent to any server. However, remember that decoding is not the same as verification. Never trust JWT claims without proper server-side signature verification.