This JWT decoder reveals the content of a JWT token (split into 3 parts: header, payload, signature). Decoding is performed entirely in your browser, no data is sent to a server.
Paste your JWT token in the input field. Decoding is instant and performed entirely in your browser: no data is sent to a server, ensuring the confidentiality of your tokens.
A JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and self-contained way to securely transmit information between two parties as a JSON object. This information can be verified and trusted because it is digitally signed.
A JWT consists of three parts separated by dots (.):
The header typically contains the token type (JWT) and the signing algorithm used (e.g., HMAC SHA256 or RSA).
{
"alg": "HS256",
"typ": "JWT"
}
The payload contains the claims — statements about the user and additional metadata.
{
"sub": "1234567890",
"name": "John",
"iat": 1516239022
}
The signature is created by encoding the header and payload, then signing them with a secret key or a public/private key pair.
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret )
| Claim | Full name | Description |
iss | Issuer | The entity that issued the token |
sub | Subject | The subject of the token (often the user ID) |
aud | Audience | The intended recipient of the token |
exp | Expiration Time | Token expiration date (UNIX timestamp) |
nbf | Not Before | Date before which the token is not valid |
iat | Issued At | Token creation date |
jti | JWT ID | Unique token identifier |
| Algorithm | Type | Description |
| HS256 | Symmetric | HMAC with SHA-256, the most common |
| HS384 | Symmetric | HMAC with SHA-384 |
| HS512 | Symmetric | HMAC with SHA-512 |
| RS256 | Asymmetric | RSA with SHA-256 |
| ES256 | Asymmetric | ECDSA with P-256 curve |
exp claim).© 2016-2025. My2lbox.com
Mentions légales
Gérer les cookies
Template by Bootstrapious.