Jsonic's JWT Decoder splits a JWT token into its three parts and decodes the header and payload from Base64url encoding. The header typically contains the signing algorithm (alg) and token type (typ). The payload contains claims such as sub, iat, and exp. The signature is displayed but not cryptographically verified — that requires the secret key.
How to decode a JWT token
- Paste your JWT token into the input field.
- Click Decode.
- The header and payload are shown as formatted JSON.
- The signature is displayed but not verified.
FAQ
Does this verify the JWT signature?
No. Signature verification requires the secret key. This tool only decodes and displays the header and payload.
Is my token sent to a server?
No. Decoding runs entirely in your browser. Your token never leaves your machine.
What is in the JWT header?
The header contains the algorithm (alg) and token type (typ), e.g. {"alg": "HS256", "typ": "JWT"}.
What is in the JWT payload?
The payload contains claims — typically sub (subject), iat (issued at), exp (expiration), and any custom fields set by the issuer.