JWT Decoder — inspect & verify JSON Web Tokens
Paste any JSON Web Token to decode the header, payload, and signature. Each claim is classified (registered, public, private), expiry is surfaced in plain English, and HS256 signatures verify in your browser via the Web Crypto API. RFC 7519 / 7515 conformant, no uploads, no signup.
How it works
A JSON Web Token (RFC 7519) is a compact, URL-safe representation of a set of claims. The serialised form is three base64url-encoded segments joined by a literal . character: the header declares the signature algorithm, the payload carries the claims, and the signature covers the bytes of base64url(header).base64url(payload). The decoder on this page implements the three reading steps and the one cryptographic step exactly as the spec lays them out:
- Split on ‘.’. A JWS (signed JWT) has exactly 3 segments; a 5-segment token is JWE (RFC 7516) and not in scope here. The decoder also strips a leading
Bearerso you can paste straight from anAuthorizationheader. - Base64url-decode each segment. Base64url is RFC 4648 §5 — the standard Base64 alphabet with
-in place of+and_in place of/. RFC 7515 Appendix C drops the=padding. This decoder accepts both forms (with and without padding) and runs every segment through a secondatob-based implementation to confirm the two routines agree byte for byte. - UTF-8 decode + JSON parse. The header and payload bytes are interpreted as UTF-8 by a fatal-mode
TextDecoder(malformed bytes raise a clear error rather than silently turning into U+FFFD), then handed toJSON.parse. Each top-level key is then classified against the registered claim names in RFC 7519 §4.1 (payload) and RFC 7515 §4.1 (header) — so the UI can distinguish standardiatfrom your application's customtenant_id. - Verify the signature (HS256). If the header declares
alg: HS256and you provide the shared secret, the decoder hashes the ASCII bytes ofsegment[0].segment[1]with HMAC-SHA-256 viacrypto.subtle.verify. You can supply the secret as UTF-8, hex, base64, or base64url — high-entropy keys are rarely printable ASCII. RS256 / ES256 / PS256 need the issuer's public key, not a shared secret, so the decoder shows the claims but refuses to mark the signature as verified.
Two independent invariants run on every page load to keep the implementation honest. First, the RFC 7515 §A.1 canonical HS256 test vector must decode to iss=joe, exp=1300819380 and alg=HS256. Second, every base64url segment is decoded twice — once by the bit-shift routine and once by an atob-based alternative — and the byte arrays must match. Both checks are surfaced as the green “Verified · RFC 7515 §A.1” badge in the decoder header. A red badge means a real regression — please email me.
Worked examples
Frequently asked questions
Sources & references
- IETF RFC 7519 — JSON Web Token (JWT)
- IETF RFC 7515 — JSON Web Signature (JWS), with the canonical HS256 vector in Appendix A.1
- IETF RFC 7518 — JSON Web Algorithms (HS256, RS256, ES256, …)
- IETF RFC 4648 — base64 and base64url encodings
- WHATWG Encoding Standard — TextEncoder / TextDecoder (UTF-8)
- W3C Web Cryptography API — SubtleCrypto.verify (HMAC-SHA-256)
- IETF RFC 8725 — JWT Best Current Practices (must-read for verifiers)
The decoder, base64url paths, and HS256 verifier on this page were last cross-checked against RFC 7515 §A.1 and a fresh jsonwebtoken-signed sample on 2026-05-11. Any algorithmic change bumps that date. If your token decodes differently here than in another tool, email me below.
Related tools
Comments & feedback
Spotted a bug or want an improvement? Tell us — our team reviews every comment, and good ideas get built. Comments are public and anonymous.
Found a bug, edge case, or want to suggest an improvement?
Email me at [email protected] — most fixes ship within 24 hours.