Practical guide
How to use JWT Decoder
JWT Decoder reveals the readable header and payload inside a JSON Web Token. It helps developers inspect algorithms, subjects, issuers, audiences, and expiration claims without sending a token to a remote decoder.
Step by step
- Paste a three-part JWT into the token field.
- Select Decode token.
- Inspect the JSON header, payload, and any expiration message without treating the result as verified.
Example
Input
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI3NyJ9.signatureResult
Header algorithm: HS256; payload subject: 77How it works
JWT header and payload sections use Base64URL encoding. The tool decodes those two sections as UTF-8 JSON; it does not possess the signing key or validate the cryptographic signature.
Important limitations
- Decoded claims can be forged and must not be trusted without signature verification.
- Avoid pasting active production tokens on shared or untrusted devices.
Frequently asked questions
Does a successful decode mean the token is valid?
No. Decoding only reveals claims. Your application must verify the signature, issuer, audience, expiry, and other rules.
Is the token uploaded?
The decoder runs in the current browser tab and does not send the token to a 77 Toolkit backend.