JWT (JSON Web Token) Debugger

About this JWT Debugger

This tool allows you to quickly decode JSON Web Tokens (JWTs). Paste your encoded JWT string into the input field above to see the decoded Header and Payload components in a readable JSON format.

JWTs are commonly used for authentication and information exchange. They consist of three parts separated by dots:

• Header: Contains metadata like the token type (JWT) and the signing algorithm (e.g., HS256, RS256).
• Payload: Contains the claims (statements) about an entity (typically, the user) and additional data. Common claims include `iss` (issuer), `exp` (expiration time), `sub` (subject), `aud` (audience), etc.
• Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn’t changed along the way.

Important:

This tool only decodes the Header and Payload from their Base64Url representation. It does not validate the signature, as this requires access to the secret key (for HMAC algorithms) or the public key (for RSA/ECDSA algorithms) which you should never share publicly. All decoding happens directly in your browser; the token is not sent anywhere.