/**/

JWT Decoder

Decode JSON Web Tokens securely in your browser without sending data anywhere.

Encoded JWT
Header (Algorithm & Type)
Payload (Data)

What is a JWT Token?

A JWT (JSON Web Token) is an open standard (RFC 7519) for transmitting information securely between parties as a compact, URL-safe JSON object. It consists of three Base64Url-encoded parts separated by dots:

  1. Header — specifies the token type (JWT) and signing algorithm (e.g., HS256, RS256)
  2. Payload — contains "claims" (key-value pairs) such as user ID, role, expiration time, issuer, and subject
  3. Signature — verifies the token wasn't altered; requires the secret key to verify
eyJhbGc....eyJzdWIi....SflKxwRJ...
Header       . Payload     . Signature

Common JWT Claims Reference

ClaimNameDescription
issIssuerWho issued the token
subSubjectWho the token is about (usually user ID)
expExpirationUnix timestamp when token expires
iatIssued AtUnix timestamp when token was issued
audAudienceIntended recipients of the token
nbfNot BeforeToken is not valid before this time
jtiJWT IDUnique identifier for the token

Frequently Asked Questions

Is it safe to decode a production JWT token here?

Yes. All decoding happens entirely in your browser. The token is never sent to any server.

Does decoding verify the JWT signature?

No. Decoding reveals the payload contents but does NOT verify the signature. That requires the secret key.

What are common JWT claims?

iss (issuer), sub (subject), exp (expiration), iat (issued at), aud (audience), nbf (not before), jti (JWT ID).

What is the difference between HS256 and RS256?

HS256 uses a shared secret (symmetric). RS256 uses a public/private key pair (asymmetric) — better for distributed systems.

Can I use this to decode JWTs from ASP.NET Core?

Yes. ASP.NET Core JWT middleware generates standard RFC 7519 tokens that this decoder handles perfectly.

Related Tools