🔑 JWT Token Inspector

Free JWT Decoder
for Windows

Paste a JWT and instantly see the decoded header, payload, and all claims — in a clean formatted view. 100% offline. Your tokens never leave your machine.

Get it from Microsoft See All Features →

Anatomy of a JWT Token

A JSON Web Token (JWT) has three parts separated by dots — header, payload, and signature. Each part is Base64URL-encoded. JSONLab decodes all three and displays them as formatted JSON.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsIm5hbWUiOiJBbGljZSIsInJvbGUiOiJhZG1pbiIsImlhdCI6MTcxMTAwMDAwMCwiZXhwIjoxNzExMDg2NDAwfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "user_123",
  "name": "Alice",
  "role": "admin",
  "iat": 1711000000,
  "exp": 1711086400
}
Signature
HMAC-SHA256(
  base64url(header)
  + "." +
  base64url(payload),
  secret
)
🔒

Privacy note: JSONLab decodes JWTs entirely on your local machine. Your tokens — which may contain user IDs, roles, email addresses, and auth claims — are never sent to any server. This is especially important when debugging production tokens in a corporate environment.

Common JWT Claims Reference

ClaimFull NameDescription & Example
sub Subject The principal that is the subject of the JWT — typically a user ID.
"sub": "user_123"
iss Issuer The server that issued the token — identifies the auth service.
"iss": "https://auth.example.com"
aud Audience The recipient(s) the token is intended for.
"aud": "api.example.com"
exp Expiration Time Unix timestamp after which the token must be rejected.
"exp": 1711086400
iat Issued At Unix timestamp when the token was issued.
"iat": 1711000000
nbf Not Before Token must not be accepted before this Unix timestamp.
"nbf": 1711003600
jti JWT ID Unique identifier for the token — used to prevent replay attacks.
"jti": "a8b9c0d1e2f3"

How to Decode a JWT in JSONLab

1

Open the JWT Decoder

Click the 🔑 JWT button in the JSONLab toolbar to open the JWT Decoder dialog.

2

Paste your JWT token

Copy a JWT from your browser DevTools, Postman response, or log file and paste it into the input field.

3

Inspect decoded output

JSONLab immediately shows the decoded Header and Payload as formatted, syntax-highlighted JSON. Timestamp claims (exp, iat) are decoded to human-readable dates.

4

Copy individual sections

Use the copy button to copy the header or payload JSON independently for further analysis.

Why Decode JWTs Offline?

Frequently Asked Questions

JSONLab decodes the header and payload (which are simply Base64URL-encoded). Signature verification requires the secret key or public certificate used to sign the token — JSONLab does not verify the signature, it only decodes and displays the claims. For security-critical validation, use your application's auth library.
Yes — because JSONLab is a native offline Windows application. Decoding happens entirely on your local machine. No data is transmitted anywhere. This makes it far safer than pasting JWTs into browser-based tools like jwt.io, which send your token to their servers.
JWE (JSON Web Encryption) tokens are encrypted and cannot be decoded without the private key. JSONLab currently supports decoding JWS (signed) tokens — the standard format used by OAuth, OpenID Connect, and most auth frameworks. JWE support may be added in a future release.
JWT decoding (reading the header and payload) works for all algorithms — HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, and more — because decoding only requires Base64URL decoding, not knowledge of the algorithm. The algorithm field in the header tells you which was used to sign.
A 5-part token is a JWE (encrypted JWT) in compact serialisation format: header.encryptedKey.iv.ciphertext.tag. These cannot be decoded without the private key. A standard signed JWT (JWS) has exactly 3 parts: header.payload.signature.

More Tools in JSONLab

✨ JSON Formatter 🔍 JSON Validator 🔄 JSON → YAML / XML / TOML 🏠 JSONLab Home

Decode JWT Tokens Safely — Offline

Never paste production tokens into a browser again. JSONLab's JWT decoder stays on your machine. Free for Windows.

Get it from Microsoft