What is a JWT?
A JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are widely used in authentication.
JWT Structure
- Header — algorithm and token type (e.g. HS256)
- Payload — claims (user ID, roles, expiry, issued-at)
- Signature — makes tampering detectable (verifying it requires the secret or public key)
Is it safe to decode JWTs here?
The header and payload of a JWT are only Base64url-encoded — not encrypted. This tool decodes them client-side. Never share production user tokens; use test tokens for debugging.
FAQ
Can I verify the JWT signature here?
No — signature verification needs the secret key (HMAC) or public key (RSA/EC). This tool decodes the payload without verifying it.
What does "exp" mean?
"exp" is the expiration time claim — a Unix timestamp after which the token must not be accepted. This tool shows it in human-readable form.
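Decoding versus verifying, as an added example in Node.js (not this tool's own code): the same token is decoded without a key, then checked with HS256 and "exp". The secret, claims and function names are constructed for illustration, and treating a missing "exp" as a failure is this example's own policy.

```javascript
const crypto = require("node:crypto");

// Base64url -> Buffer (Node understands the "base64url" alphabet directly).
const b64url = (s) => Buffer.from(s, "base64url");

// Decode only: no key needed, and nothing here proves the token is genuine.
function decodeJwt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return {
    header: JSON.parse(b64url(parts[0]).toString("utf8")),
    payload: JSON.parse(b64url(parts[1]).toString("utf8")),
  };
}

// Verify an HS256 token: pin the algorithm, recompute the HMAC over
// "header.payload", compare in constant time, then enforce "exp".
// Assumption of this example: a token without a numeric "exp" is rejected.
function verifyHs256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { header, payload } = decodeJwt(token);
  if (header.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  const [h, p, sig] = token.split(".");
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = b64url(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  if (typeof payload.exp !== "number" || nowSeconds >= payload.exp)
    return { ok: false, reason: "expired" };
  return { ok: true, payload, expiresAt: new Date(payload.exp * 1000).toISOString() };
}

// Helper that builds a constructed test token (not a real credential).
function signHs256(payload, secret) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}`;
  return `${body}.${crypto.createHmac("sha256", secret).update(body).digest("base64url")}`;
}

const SECRET = "demo-secret-for-example-only";
const token = signHs256({ sub: "user-1", role: "viewer", exp: 1893456000 }, SECRET);
// Tampered copy: payload rewritten, original signature kept.
const [h, , s] = token.split(".");
const forgedBody = Buffer.from(JSON.stringify({ sub: "user-1", role: "admin", exp: 1893456000 })).toString("base64url");
const tampered = `${h}.${forgedBody}.${s}`;

console.log(decodeJwt(tampered).payload);   // decodes without any key
console.log(verifyHs256(tampered, SECRET)); // rejected by the signature check
console.log(verifyHs256(token, SECRET));    // accepted until "exp" passes
```

The tampered token decodes cleanly, which is why decoded claims must never drive an authorization decision until the signature and "exp" have been checked.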