JWT Decoder
Decode and inspect JSON Web Tokens
Frequently Asked Questions
What is a JWT?
JWT (JSON Web Token) is a compact, URL-safe token format for securely transmitting information. It consists of three parts: header (algorithm), payload (claims/data), and signature. JWTs are commonly used for authentication and authorisation.
What are the three parts of a JWT?
Header: Contains the token type (JWT) and signing algorithm (e.g., HS256, RS256).
Payload: Contains claims like user ID, expiration time, and custom data.
Signature: Verifies the token hasn't been tampered with.
Is it safe to decode JWTs in the browser?
Yes, decoding is safe: JWT payloads are just Base64url-encoded, not encrypted, so anyone can read them. The signature prevents tampering but doesn't hide the contents. Never put sensitive data in JWT payloads without encryption.
What do exp, iat, and nbf mean in JWT?
exp (Expiration Time): When the token expires.
iat (Issued At): When the token was created.
nbf (Not Before): Token is not valid before this time.
All are Unix timestamps (seconds since 1970).
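The decoding and time-claim checks described in the answers above, as an added example (not this tool's own code). The names decodeJwt, timeStatus and SAMPLE are hypothetical, and the sample token is constructed with a placeholder signature.

```javascript
// Added example: decodes a JWT for inspection. It does NOT verify the signature.
function b64urlToJson(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("segment is not Base64url");
  // Base64url -> Base64: swap the URL-safe characters back and restore padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  const value = JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("segment is not a JSON object");
  }
  return value;
}

function decodeJwt(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return {
    header: b64urlToJson(parts[0]),
    payload: b64urlToJson(parts[1]),
    signature: parts[2], // left opaque: checking it needs the key
    verified: false,     // decoded contents are untrusted until verified
  };
}

// nowSec (Unix seconds) is injectable so the result is reproducible.
function timeStatus(payload, nowSec = Math.floor(Date.now() / 1000)) {
  for (const name of ["exp", "nbf", "iat"]) {
    if (name in payload && !Number.isFinite(payload[name])) return `invalid ${name}`;
  }
  if ("exp" in payload && nowSec >= payload.exp) return "expired";
  if ("nbf" in payload && nowSec < payload.nbf) return "not yet valid";
  return "within validity window";
}

// Constructed sample token; "c2lnbmF0dXJl" is a placeholder, not a real signature.
function b64url(obj) {
  return btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const SAMPLE = [
  b64url({ alg: "HS256", typ: "JWT" }),
  b64url({ sub: "user-123", iat: 1700000000, nbf: 1700000000, exp: 1700003600 }),
  "c2lnbmF0dXJl",
].join(".");
```

Because the result always carries verified: false, an access decision should only be made after a server-side library has checked the signature with the expected key and algorithm.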