🔐 JWT Decoder

Decode and inspect JSON Web Tokens — runs in your browser

What is a JWT?

JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and information exchange between services. A JWT is three Base64URL-encoded sections separated by dots: a header describing the signing algorithm, a payload containing claims like the user ID and expiration time, and a signature generated from the first two parts plus a secret or private key.

Decoding vs verifying

Decoding reveals what is inside a JWT, and anyone with the token can do it. It is useful for debugging, inspecting claims, checking expiration, or understanding why a request was rejected. Verifying proves the token has not been tampered with and was issued by the trusted party. Verifying requires the original secret (HS256) or public key (RS256, ES256), and is normally done server-side. This tool only decodes.

Common claims explained

iss: issuer (who created the token)
sub: subject (usually the user ID)
aud: audience (intended recipient)
exp: expiration timestamp (Unix seconds)
iat: issued-at timestamp
nbf: not-before timestamp
jti: unique token identifier

The decoder converts timestamp claims into human-readable dates and flags expired tokens automatically.

Why use FileTools JWT Decoder?

✅ Free — no signup, no spam
✅ 100% private — token never leaves your browser
✅ Color-coded sections (header / payload / signature)
✅ Common claims expanded with human-readable dates
✅ Expiration status detection
✅ Copy header or payload JSON with one click

Security note

JWTs are not encrypted by default — they are signed. Anyone can read the contents by Base64-decoding the header and payload, exactly like this tool does. Never put secrets inside a JWT payload, and never share real production tokens in screenshots, support tickets, or public forums. Treat tokens like passwords.

Frequently Asked Questions

What is a JWT?

A compact, URL-safe token format with three Base64URL-encoded parts: header, payload, signature. Used for authentication and information exchange.

Is decoding a JWT the same as verifying it?

No. Decoding reveals the contents, and anyone can do it. Verifying requires the secret or public key. This tool only decodes.

Is my token sent to a server?

No. The decoder runs entirely in your browser. Your token never leaves your device.

What do common claims mean?

iss = issuer, sub = subject, aud = audience, exp = expiration, iat = issued at, nbf = not before, jti = token ID.

Can I share my JWT for support?

Be careful. JWTs often contain personal data and grant access. Treat them like passwords.
