JWT Decoder
TransformPaste a JSON Web Token to instantly decode its header and payload without sending data anywhere. Great for debugging auth flows and inspecting claims.
This tool decodes JWTs only. It does not validate signatures or verify authenticity. Always validate tokens on the server.
How JWT decoding works
A JSON Web Token is made of three base64url-encoded segments: header, payload, and signature. Decoding helps you inspect the algorithm, token type, and claim values without revealing secrets.
Header insights
Review the signing algorithm (alg) and token type (typ) before using a JWT in your application.
Payload details
Check standard claims like iss, aud, exp, and custom fields to ensure the data matches expectations.
Signature awareness
Signatures are displayed as-is so you can compare tokens, but verification must happen server-side.
