TR ToolRux

JWT Decoder

Decode and inspect JSON Web Tokens. View header, payload, and signature with expiration validation — all in your browser.

Decoded Token

Paste a JWT token to decode

Header, Payload & Signature

JWT Token

Related Articles

Learn more about this topic

Related Tools

You might also find these useful

Password Strength Checker

Check how secure your passwords really are.

Encryption Tool

Encrypt and decrypt text with AES-256-GCM.

Base64 Encoder

Encode and decode Base64 strings — JWT uses Base64URL.
📖 Learn More

Everything you need to know

What Is a JWT Token?

A JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication — after a user logs in, the server issues a JWT that the client includes in subsequent requests to prove identity.

How This Tool Works

Paste any JWT token and instantly see the decoded header (algorithm, token type), payload (all claims with timestamps converted to readable dates), and the raw signature. The tool also checks the exp claim to tell you if the token is expired.

Understanding JWT Claims

  • sub — Subject, typically the user ID
  • iss — Issuer, who created the token
  • aud — Audience, who the token is intended for
  • exp — Expiration time (Unix timestamp)
  • iat — Issued at time
  • nbf — Not valid before time

Security Considerations

JWTs are only encoded (Base64URL), not encrypted — anyone can read the payload. Never put sensitive data like passwords in a JWT. Always validate the signature server-side. This tool only decodes; it does not verify signatures as that requires the secret key.

Related Tools

Generate secure tokens with the Password Generator, hash data with the Hash Generator, or encode data with the Base64 Encoder.