JWTs are portable, stateless tokens and are often used to communicate identity between systems. Every signed JWT has three parts:
- A header, which contains metadata, including information about the key used to sign the JWT.
- A body, which is a JSON object with an arbitrary payload; the keys of this JSON object are commonly called “claims”.
- A signature, which is built by performing a cryptographic operation over the header and the body.
These are all base64 URL encoded so the resulting string is safe to put in HTTP headers, cookies and elsewhere. Every signed JWT lets you verify the integrity of the JWT without contacting the signer.
This decoder lets you examine the contents of any JWT by pasting it into the Token form field. It’ll automatically decode the values and place the header and body into the respective fields.
Use this tool to confirm your JWT is being generated with the metadata and claims you expect, or to examine JWTs other systems are creating to discover their properties.
Below is a sample JWT you can copy and paste into the decoder to try it out.
Have an idea for a great dev tool? Submit a PR to our GitHub project at: