Skip to content

How to Inspect a JWT Token

Detailed guide on using the JWT Decoder.

How to Inspect a JWT Token

The JWT Decoder makes it easy to inspect and understand any JWT token.

Step 1: Paste Your Token

Paste your JWT into the input area. The decoder automatically splits it into three parts:

  • Header (shown in rose) — algorithm and token metadata
  • Payload (shown in violet) — the claims and data
  • Signature (shown in blue) — the cryptographic signature

Step 2: Read the Results

The inspection panel shows you the decoded JSON of both header and payload, making it easy to read the token content without manually base64-decoding each part.

Step 3: Verify the Signature (Optional)

If you have the signing secret or public key, paste it into the key input field. The decoder will verify the token's signature and report whether it's valid.

Tips for Inspection

  • Check the algorithm — Make sure the alg in the header matches what you expect
  • Check expiration — Look for the exp claim to see if the token is still valid
  • Check the issuer — Verify the iss claim matches the expected issuer
  • Watch for "none" — Tokens with alg: "none" have no signature and should be treated with extreme caution

Ready to decode?

Decode and inspect JWTs instantly in your browser.

Launch JWT Decoder

Related Tools

Try these complementary developer tools:

Popular Developer Tools

Most-used tools on LangStop