JWT Decoder / Encoder

Decode, verify (HS256/384/512), and generate JWT tokens — all in your browser, no upload.

Quick Links

📌 Simple Examples 📖 How to Use ❓ FAQ

JWT Token

Secret (for HMAC verification)

Status: Idle

Common Claims

Issued At (iat): —

Expires (exp): —

Not Before (nbf): —

Subject (sub): —

Issuer (iss): —

Audience (aud): —

Header

Payload

Signature Algorithm: N/A Verified: N/A

Header (JSON)

{ "alg":"HS256", "typ":"JWT" }

Algorithm

Secret (for HMAC verification)

Status: Idle

Payload (JSON)

{ "sub":"1234567890", "name":"John Doe", "iat": 1516239022 }

Result Token

Keep your secrets safe. Do not share tokens that contain sensitive data.

Simple Examples

Quick Decode Example

Try decoding this sample JWT token instantly:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Secret: secret

Try it now →

Quick Encode Example

Create your first JWT token in seconds:

{
  "alg": "HS256",
  "typ": "JWT"
}
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Secret: secret

Try it now →

Tips & How to Use

1. Paste a JWT token into the JWT Token field.
2. Click Decode to view header & payload as JSON.
3. To verify, enter the shared secret and click Verify — supported: HS256, HS384, HS512.
4. Use Encode / Generate to create a token: edit header & payload JSON, choose algorithm and (if HMAC) provide secret.
5. Copy or download the result token. Avoid sharing secrets or private data.

Pro Tip: For production security, avoid HS with weak secrets. Consider asymmetric algorithms (e.g., RS256) and proper key management.

Related Tools

Frequently Asked Questions (FAQ)

JWT is a compact, URL-safe token format for securely transmitting information between parties as a JSON object. It consists of three parts: header, payload, and signature.

Simply paste your JWT token into the input field and click "Decode". The tool will instantly parse the header and payload into readable JSON format.

Yes! All processing happens entirely in your browser (client-side). No data is sent to any server. However, never paste tokens containing real secrets or sensitive production data.

For verification and encoding, we support HS256, HS384, HS512 (HMAC with SHA), and "none" for unsigned tokens. Asymmetric algorithms (RS256, ES256) are not yet supported.

Enter your JWT token, input the secret key used to sign it, then click "Verify". The tool will check if the signature matches using HMAC algorithm.

Yes! Switch to the "Encode / Generate" tab, edit the header and payload JSON, select an algorithm, provide a secret (for HMAC), and click "Encode" to create a new token.