JWT Decoder - Online JSON Web Token Debugger

Encoded Token Paste a token

Decoded Data

HEADER: Algorithm & Token Type

{}

PAYLOAD: Data

{}

VERIFY SIGNATURE

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  your-256-bit-secret
)

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Header

Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

Payload

Contains the claims. Claims are statements about an entity (typically the user) and additional data.

Signature

Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

Privacy Note: This tool runs entirely in your browser. Your tokens are never sent to any server.