Question 1

What is a JWT?

Accepted Answer

A JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. It consists of three Base64url-encoded parts: header, payload, and signature.

Question 2

Is this tool safe to use with real tokens?

Accepted Answer

Yes. All decoding happens in your browser using JavaScript's atob() function. No data is sent to any server. That said, treat JWTs like passwords — avoid pasting production tokens with sensitive claims into any online tool.

Question 3

Does this tool verify the JWT signature?

Accepted Answer

No. Signature verification requires the secret key or public key used when the JWT was signed. This tool only decodes (Base64url decodes) the visible parts — it does not validate whether the token is authentic.

Question 4

What is the difference between iat, exp, and nbf?

Accepted Answer

"iat" (issued at) is the Unix timestamp when the token was created. "exp" (expiry) is when the token becomes invalid. "nbf" (not before) is the earliest time the token can be used.

Question 5

What is Base64url encoding?

Accepted Answer

Base64url is a variant of Base64 that uses - and _ instead of + and / and omits padding (=). It is URL-safe, which is why it is used in JWTs.

JWT Decoder

How to Use

FAQ

Related Tools

🔐JWT Decoder

How to Use

FAQ

Related Tools

JWT Decoder