JWT Decoder

Decode and inspect JSON Web Tokens (JWT). View header, payload, and signature. Perfect for debugging authentication and authorization.

About JSON Web Tokens (JWT)

JWT is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and information exchange in web applications.

JWT Structure

A JWT consists of three parts separated by dots (.):

  • Header - Contains the token type (JWT) and signing algorithm (e.g., HMAC SHA256, RSA)
  • Payload - Contains the claims (statements about the user and additional data)
  • Signature - Used to verify the token hasn't been tampered with

Format: header.payload.signature

Common Claims

  • iss (issuer) - Who issued the token
  • sub (subject) - Who the token is about (typically user ID)
  • aud (audience) - Who the token is intended for
  • exp (expiration) - When the token expires (Unix timestamp)
  • iat (issued at) - When the token was issued (Unix timestamp)
  • nbf (not before) - Token not valid before this time

Use Cases

  • Authentication - After login, each request includes the JWT
  • Information Exchange - Securely transmit information between parties
  • Single Sign-On (SSO) - Share authentication across multiple domains
  • API Authorization - Grant access to protected resources

Security Notes

⚠️ Important: JWTs are signed, not encrypted. Anyone can decode and read the contents. Never store sensitive information like passwords in JWT payloads. Always use HTTPS when transmitting JWTs. Validate tokens on the server side before trusting their contents.
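
The difference between decoding and validating a token, shown as an added example that is not part of the original page: using only the Python standard library, it reads the header and payload with no key, then returns the claims only after the HS256 signature and the exp, nbf and aud claims check out. The key, claim values and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_unverified(token: str):
    """Read header and payload with no key: anyone holding the token can do this."""
    head, body, _sig = token.split(".")
    return json.loads(b64url_decode(head)), json.loads(b64url_decode(body))

def verify_hs256(token: str, key: bytes, now=None, audience=None) -> dict:
    """Return the claims only if the signature and the time/audience claims pass."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm on the server; never let the token's header choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("not yet valid")
    # Assumption: aud is a single string here (RFC 7519 also allows a list).
    if audience is not None and claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims

def make_hs256(claims: dict, key: bytes) -> str:
    """Build a sample token so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

# Constructed sample values (not from the page).
KEY = b"demo-key-for-example-only"
SAMPLE = make_hs256({"iss": "auth.example", "sub": "user-123", "aud": "api.example",
                     "iat": 1700000000, "nbf": 1700000000, "exp": 1700003600}, KEY)
```

A token whose payload is edited after signing still decodes cleanly with `decode_unverified`, which is why only the output of `verify_hs256` should drive an authorization decision.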


© 2025 Geek Cafe LLC. All rights reserved.
