What is a JWT and how do you decode one safely?

Karan Kacha

JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims to be transferred between two parties. They are widely used for authentication and authorization in modern web applications.

But what actually is a JWT, and how can you safely decode it to see what's inside?

The Structure of a JWT

A JWT consists of three parts separated by dots (.):

  1. Header: Contains metadata about the type of token and the cryptographic algorithms used to secure its contents.
  2. Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data.
  3. Signature: Used to verify the message wasn't changed along the way.

Why Local Decoding Matters

Many developers casually paste their JWTs (which often contain sensitive data or active session tokens) into random online decoders. This is a massive security risk if that site logs the tokens.

Always use a tool that works 100% client-side, ensuring your token never leaves your device.
