Free tool

JWT Decoder

Decode and inspect JSON Web Tokens. View header, payload, claims, and check expiration status. All processing happens in your browser.

Paste your JWT

Common JWT Claims

issIssuer - Who issued the token

subSubject - Who the token is about

audAudience - Who the token is intended for

expExpiration Time - When the token expires

nbfNot Before - Token not valid before this time

iatIssued At - When the token was issued

jtiJWT ID - Unique identifier for the token

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims between two parties. JWTs are commonly used for authentication and information exchange.

JWT structure

•Header — Token type and signing algorithm (HS256, RS256)
•Payload — Claims about the user and metadata
•Signature — Verifies the token has not been tampered with

Common claims

issIssuer

subSubject

audAudience

expExpiration

iatIssued at

nbfNot before

Security notes

•JWTs are encoded, not encrypted — anyone can read the payload
•Never store sensitive data (passwords, API keys) in JWTs
•This tool only decodes — it cannot verify signatures

Building developer onboarding?

Skene generates onboarding checklists from your codebase.

Learn more