JWT Decoder – I7 Pixel

🔒 Your token never leaves the browser — decoding happens entirely client-side. Note: this tool decodes the token structure only; it does not verify the signature against a secret.

🔑 Paste JWT Token

Header

Payload

Signature

Try a sample token:

HS256 Sample RS256 Sample Expired Token

✅ Decoded —

Claim	Value

Claim	Value	Description

⚠️ Signature verification requires your secret key or public key and cannot be done client-side here. This tool confirms the token structure is valid, but does not validate the signature.

Signature (Base64url)

Algorithm

—

Algorithm

—

Token Type

—

Expires

—

Status

—

📋 Standard Claims

Registered Claims (RFC 7519)

iss — Issuer
sub — Subject
aud — Audience
exp — Expiration time
nbf — Not before
iat — Issued at
jti — JWT ID

Display Options

Human-readable times

Show claim descriptions

ℹ️ About JWT

What is a JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for transmitting claims between parties as a compact, URL-safe string. It has three Base64url-encoded parts separated by dots.

Structure

Header
Algorithm & token type
Payload
Claims (data)
Signature
Verifies integrity

Common Algorithms

HS256 — HMAC + SHA-256 (symmetric)
RS256 — RSA + SHA-256 (asymmetric)
ES256 — ECDSA + SHA-256
none — Unsigned (insecure!)

Security Note

              JWTs are Base64url-encoded, NOT encrypted. Anyone can decode the payload. Never store secrets in JWT claims unless using JWE (encrypted JWTs).
            