JWT Encode & Decode
Decode, encode, and verify JSON Web Tokens
DevToolKit's JWT Decoder & Encoder instantly decodes JSON Web Tokens per RFC 7519, showing color-coded header, payload, and signature sections. It checks token expiration and verifies HMAC signatures. Fully client-side — your tokens never leave your browser.
What is a JWT (JSON Web Token)?
A JSON Web Token (JWT), defined by RFC 7519, is a compact, URL-safe token format used for securely transmitting claims between parties. A JWT consists of three Base64URL-encoded parts separated by dots:
- The Header specifies the signing algorithm (e.g., HS256, RS256) and token type.
- The Payload contains claims: standardized fields like 'iss' (issuer), 'sub' (subject), 'exp' (expiration), and 'iat' (issued at), along with any custom data.
- The Signature is computed over the header and payload to detect tampering.
JWTs are the backbone of modern authentication and authorization: OAuth 2.0 and OpenID Connect use them as access tokens and ID tokens, API gateways validate them for request authorization, and single sign-on (SSO) systems transmit user identity across services.
Developers frequently need to inspect JWTs to debug authentication failures, verify token expiration, check claim values, or confirm signature integrity. This tool decodes any JWT instantly with color-coded sections, checks expiration status, and can verify HMAC signatures, all entirely in your browser, so sensitive tokens containing user data or credentials are never sent to a server.
How to Use the JWT Tool
- To decode: paste a JWT token and click 'Decode' to see the header, payload, and signature details.
- To verify: after decoding, enter the secret key and click 'Verify Signature'.
- To encode: switch to the Encode tab, fill in header and payload JSON, enter a secret, and click 'Generate JWT'.
- Copy the result to your clipboard with the copy button.
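The encode, decode and verify steps above, written out as an added example in Node.js; this is not DevToolKit's code, and the secret, claims and function names are constructed for illustration. It shows why decoding alone proves nothing: verification pins the algorithm, recomputes the HMAC over the first two parts, and only then trusts 'exp'.

```javascript
// Added example, not DevToolKit's code. Secret, claims and function names are constructed.
const crypto = require("node:crypto");

const DEMO_SECRET = "constructed-demo-secret";
const DEMO_CLAIMS = { sub: "user-123", iat: 1700000000, exp: 1700003600 };

const b64url = (value) => Buffer.from(JSON.stringify(value)).toString("base64url");
const hmac = (input, secret) => crypto.createHmac("sha256", secret).update(input).digest("base64url");

// Encode: the signature is HMAC-SHA256 over "base64url(header).base64url(payload)".
function signHS256(claims, secret) {
  const input = `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(claims)}`;
  return `${input}.${hmac(input, secret)}`;
}

// Decode only: Base64URL is an encoding, so anyone can read (or rewrite) these claims.
function decodeJwt(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("expected three dot-separated parts");
  const [header, payload] = parts.slice(0, 2).map((p) => JSON.parse(Buffer.from(p, "base64url").toString("utf8")));
  if (!header || !payload || typeof header !== "object" || typeof payload !== "object") throw new Error("header and payload must be JSON objects");
  return { header, payload, signingInput: `${parts[0]}.${parts[1]}`, signature: parts[2] };
}

// Verify: reject before trusting any claim, in this order.
function verifyHS256(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  let jwt;
  try { jwt = decodeJwt(token); } catch { return { valid: false, reason: "malformed" }; }
  // Pin the algorithm: the header is sender-controlled, so never let it choose the check.
  if (jwt.header.alg !== "HS256") return { valid: false, reason: "unexpected alg" };
  // Compare the encoded MACs in constant time; timingSafeEqual requires equal lengths.
  const expected = Buffer.from(hmac(jwt.signingInput, secret));
  const given = Buffer.from(jwt.signature);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { valid: false, reason: "bad signature" };
  }
  // RFC 7519: the current time must be before 'exp' (seconds since the epoch).
  if (typeof jwt.payload.exp === "number" && nowSeconds >= jwt.payload.exp) {
    return { valid: false, reason: "expired" };
  }
  return { valid: true, payload: jwt.payload };
}

const demo = verifyHS256(signHS256(DEMO_CLAIMS, DEMO_SECRET), DEMO_SECRET, 1700000100);
console.log(demo.valid, demo.payload.sub);
```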