JWT Decoder

JSON Web Tokens (JWT): Compact, URL-safe tokens for transmitting information between parties. Consists of three Base64URL-encoded parts: header.payload.signature.

Header: Contains metadata about the token type and signing algorithm (e.g., HS256, RS256).

Payload: Contains claims (statements about an entity) and additional data. Common fields: sub (subject), iss (issuer), exp (expiration), iat (issued at).

Signature: Cryptographic signature used to verify token integrity. This tool decodes but does not verify signatures (requires secret key).

Security Note: JWTs are not encrypted, only signed. Don't include sensitive information in the payload unless encrypted separately.