What is a JSON Web Token (JWT)?
A JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
Structure of a JWT
JWTs consist of three parts separated by dots (.), which are:
- Header: Typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data (like role, user ID, or email).
- Signature: Created by taking the encoded header, the encoded payload, and a secret, and signing them with the algorithm specified in the header.
The Danger of Online JWT Decoders
JWTs are incredibly sensitive. If a malicious actor intercepts a valid JWT belonging to an admin user, they can hijack that user's session. You should never paste production JWTs into random online tools. Many online decoders silently send your pasted token to a backend server for logging or analysis.
Our tool is different. We wrote this decoder in pure frontend JavaScript, so the decoding happens entirely within your web browser. Try disconnecting from the internet and pasting your token: it will still decode, which shows that the decoding itself does not depend on any server.
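What purely local decoding of the three-part structure described above can look like, as an added example (it is not this tool's own source code). The function names, the warning strings and the sample token are assumptions constructed for illustration; the sample signature is a placeholder, and the code only decodes, it does not verify the signature.

```javascript
// Added example: decode a JWT locally, with no network calls.
// Header and payload are only base64url-encoded JSON, so anyone holding the
// token can read them. Decoding is NOT verification of the signature.
function b64urlToBytes(segment) {
  if (!/^[A-Za-z0-9_-]*$/.test(segment)) throw new Error("invalid base64url characters");
  if (segment.length % 4 === 1) throw new Error("invalid base64url length");
  // Map the URL-safe alphabet back to standard base64 and restore padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

function decodeJsonSegment(segment, name) {
  // fatal: true rejects malformed UTF-8 instead of silently replacing bytes.
  const text = new TextDecoder("utf-8", { fatal: true }).decode(b64urlToBytes(segment));
  const value = JSON.parse(text);
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error(name + " is not a JSON object");
  }
  return value;
}

function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected 3 dot-separated parts, got " + parts.length);
  const header = decodeJsonSegment(parts[0], "header");
  const payload = decodeJsonSegment(parts[1], "payload");
  const signatureBytes = b64urlToBytes(parts[2]).length;
  const warnings = ["signature not verified: treat claims as untrusted"];
  if (String(header.alg).toLowerCase() === "none" || signatureBytes === 0) {
    warnings.push("token is unsigned");
  }
  if (typeof payload.exp === "number" && payload.exp <= nowSeconds) {
    warnings.push("token expired");
  }
  return { header, payload, signatureBytes, warnings };
}

// Constructed sample token: the third part is a placeholder, not a real HMAC.
const enc = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_TOKEN = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "user-123", role: "admin", exp: 1700000000 }),
  "c2lnbmF0dXJl",
].join(".");

console.log(decodeJwt(SAMPLE_TOKEN, 1700000001));
```

The sample decodes cleanly even though its signature is a placeholder, which is why a server must verify the signature before trusting any claim.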