JWT Decoder
Paste a JWT below to decode its header and payload. You can also attempt to verify its signature (note: actual cryptographic verification requires a backend or a secure, dedicated library and is only simulated here).
About JWTs (JSON Web Tokens)
JWTs are a compact, URL-safe means of representing claims to be transferred between two parties. A JWT is composed of three parts separated by dots (`.`):
- Header: Typically consists of two parts: the type of the token (JWT) and the signing algorithm being used (e.g., HMAC SHA256 or RSA).
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.
- Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way. It is calculated by signing the encoded header and the encoded payload with a secret, using the algorithm specified in the header. If the algorithm is "none", the signature part is usually empty.
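
The three-part structure and the signature check described above, as an added example in Python's standard library (not this tool's code). The function names, secret and claims are constructed for illustration, and only HS256 is handled. The verifier pins the algorithm itself rather than trusting the header, so a token declaring "none" is rejected.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    # The signature covers "<encoded header>.<encoded payload>" exactly as sent.
    signing_input = ".".join(
        b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
        for obj in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the payload claims, or raise ValueError if the token is not valid."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The header is untrusted input: accept only the algorithm we expect.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected or missing alg in header")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison; an empty signature part never matches.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

# Constructed sample values, not real credentials.
SECRET = b"constructed-demo-secret"
TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"},
                   {"sub": "user-123", "admin": False}, SECRET)

if __name__ == "__main__":
    print(TOKEN)
    print(verify_hs256(TOKEN, SECRET))
```

Decoding the header and payload alone (as this page does) proves nothing about integrity; only the recomputed signature does.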