
JWT Token Decoder

Paste your JWT token below to decode and inspect its header, payload, and signature. All processing happens in your browser - tokens are never sent to any server.


About JWT Tokens

JWT (JSON Web Token) is a compact and self-contained way to transmit information securely between parties as a JSON object. JWTs are commonly used for authentication and authorization in web applications and APIs.

JWT Structure

A JWT consists of three parts separated by dots (.):

  • Header: Contains the token type (JWT) and signing algorithm (e.g., HS256, RS256)
  • Payload: Contains the claims (statements about the user and additional data)
  • Signature: Used to verify the token hasn't been tampered with

Common Claims

  • iss (Issuer) - Who created and signed the token
  • sub (Subject) - The subject of the token (usually user ID)
  • aud (Audience) - Who the token is intended for
  • exp (Expiration) - When the token expires (Unix timestamp)
  • iat (Issued At) - When the token was created (Unix timestamp)
  • nbf (Not Before) - Token not valid before this time (Unix timestamp)
  • jti (JWT ID) - Unique identifier for the token

Use Cases

  • Authentication: User login and session management
  • Single Sign-On (SSO): Authenticate across multiple applications
  • API Authorization: Secure API endpoints and microservices
  • Information Exchange: Securely transmit data between systems
  • Mobile Apps: Authenticate without storing credentials

Security Note: JWTs are signed but not encrypted by default. Don't put sensitive information in the payload unless you're using JWE (JSON Web Encryption). Always verify tokens on the server-side.
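
The following is an added example, not code from this site or its decoder: a Node.js sketch of the server-side verification the Security Note calls for, covering the three-part structure, the HS256 signature, and the exp and nbf claims. The secret, the `user-123` token, and the helper names `signHs256` and `verifyHs256` are constructed for illustration.

```javascript
// Added example, not this site's code. Node.js, standard library only.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (text) => Buffer.from(text, "utf8").toString("base64url");
function decodePart(part) {
  const value = JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
  if (value === null || typeof value !== "object") throw new Error("not a JSON object");
  return value;
}

// Hypothetical helper: builds the constructed sample token inline.
function signHs256(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${createHmac("sha256", secret).update(input).digest("base64url")}`;
}

// Returns { ok, reason, payload? }. `now` is Unix seconds, like exp/nbf/iat.
function verifyHs256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, payload;
  try {
    header = decodePart(parts[0]);
    payload = decodePart(parts[1]);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // The verifier fixes the algorithm; the token's header does not choose it.
  if (header.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
  const expected = createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  // Time claims are evaluated only once the signature is trusted.
  if (typeof payload.exp === "number" && now >= payload.exp) return { ok: false, reason: "expired" };
  if (typeof payload.nbf === "number" && now < payload.nbf) return { ok: false, reason: "not yet valid" };
  return { ok: true, reason: "valid", payload };
}

// Constructed sample data.
const SECRET = "constructed-demo-secret";
const NOW = 1700000000;
const token = signHs256({ sub: "user-123", iat: NOW, nbf: NOW, exp: NOW + 300 }, SECRET);
// The payload is readable without the secret: base64url is encoding, not encryption.
const readable = decodePart(token.split(".")[1]);
// Same header and signature, edited payload: verification must reject this.
const edited = [token.split(".")[0], b64url(JSON.stringify({ ...readable, sub: "user-456" })), token.split(".")[2]].join(".");
console.log(verifyHs256(token, SECRET, NOW), verifyHs256(edited, SECRET, NOW).reason);
```

Decoding alone, as a browser decoder does, corresponds to `decodePart` here and proves nothing about authenticity; only the signature and time checks do.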
