JWT解码器
解码和检查JSON Web Token — 查看header、payload并验证签名
Header
{
"alg": "HS256",
"typ": "JWT"
}Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Signature is not verified
Payload
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}Issued: 1/18/2018, 1:30:22 AM
JWT Decoder & Inspector
Decode and inspect JSON Web Tokens (JWT) instantly. Paste a JWT to see the decoded header, payload, and expiration — without needing the secret key. Useful for debugging auth flows.
FAQ
What is a JWT?
A JWT (JSON Web Token) is a compact, URL-safe token format used for authentication. It contains three Base64url-encoded parts: header, payload, and signature.
Can I verify a JWT without the secret?
You can decode the header and payload without the secret. To verify the signature (confirm it hasn't been tampered with), you need the signing key.
Is it safe to paste my JWT here?
This tool decodes entirely in your browser — nothing is transmitted to a server. However, never share JWTs publicly as they grant access to whatever they authorize.
What does 'exp' mean in a JWT payload?
'exp' is the expiration time as a Unix timestamp. If the current time is past exp, the token is expired and should be rejected.