How to use the JWT Decoder
Overview
A short guide to where to look when you want to inspect the contents of a JWT.
Quick answer: In the JWT decoder, check the header for `alg` and `typ`, and inspect the payload for claims such as `sub` and `exp`. It does not verify the signature, so use it for inspection only.
1. Start with the three parts
A JWT has three parts: header, payload, and signature. The decoder shows them separately so you can inspect each section without guessing where the fields live.
header.payload.signature2. What to look for in the header and payload
In the header, check values like `alg` and `typ`. In the payload, look for claims such as `sub`, `iat`, and `exp`. If `exp` exists, it is usually the first field to check when you want to know whether the token is still valid.
- Check the header's `alg` value
- Inspect payload claims such as `sub` and `exp`
- Use time-based claims to understand expiry
3. Decoding is not verification
The decoder only splits the token and renders the JSON in a readable form. It does not prove that the signature is valid. If you need to confirm authenticity or tampering, verify the signature on the server separately.
Browse all guides
Open the full guides page to compare articles and jump to another topic.
Related tools
After reading, open the generator page and put the value to use right away.