decode jwt online


Encoded token



JWT decoder allows to decode JWT online.

User guide

How to decode JWT?

  • Copy / paste your JWT directly into the editor above. You can also drag and drop your token
  • Your token is automatically decoded

JWT decoder

This JWT tool allows to decode token directly in your browser.Your token is decoder only on client side, it is not sent to our server.

This tool does not validate your token (any well formed JWT can be decoded). The signature is not analyzed, we do not check if it is valid.

Decoding JWTs can be a tedious task if you are not familiar with the token's structure and encoding standards.

This decoder uses jwt decode library.

JSON Web Token

JSON Web Token (JWT) is an open standard defined in RFC 75191 for representing claims securely between two parties over the internet.You can optionally add a signature and encryption.It allows the secure exchange of tokens between multiple parties. This security of the exchange results in the verification of the integrity and authenticity of the data. The header contains information about the token, such as the algorithm used for signing it.It is carried out by the HMAC or RSA algorithm.The tokens are signed either using a private secret or a public/private key.

One of the primary benefits of using JWTs is that they are lightweight and self-contained, making them ideal for use in microservices or RESTful APIs. Additionally, JWTs are widely supported, and libraries are available for most popular programming languages, making it easy to integrate them into your applications. Overall, JWTs are a reliable and secure method for transmitting information over the internet, and their use is likely to continue to grow in popularity as more applications move towards microservices architectures.

A token is essentially a string of characters that contains three parts:

  • A header, used to describe the token. It is a JSON object.
  • A payload that represents the information embedded in the token. It is also a JSON object.
  • A digital signature.

The signature consists of three parts:

  • Encode the header with Base64url defined in RFC 46483
  • A dot
  • Encode the payload with Base64url defined in RFC 46483
The signature is added to the result in the same way (encoded and separated by a dot).

You can report a bug or give feedback by adding a comment (below) or by clicking "Contact me" link (at the top right hand corner of the page).