How to Decode a JWT Token: Header, Payload, Claims Explained

JWT (JSON Web Tokens) are everywhere in modern web development — auth tokens, API keys, OAuth flows. But when something goes wrong, you need to quickly inspect what's inside. This post covers how JWT decoding works and shows a few ways to do it. JWT Structure A JWT has three Base64URL-encoded parts separated by dots: <header>.<payload>.<signature> Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJzdWIiOiJ1c2VyXzEyMyIsImVtYWlsIjoidXNlckBleGFtcGxlLmNvbSIsImV4cCI6MTcxNjIzOTAyMn0 .SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c Method 1: Browser Console (Quick Debug) const token = ' eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... ' ; const [ header , payload ] = token . split ( ' . ' ); console . log ( JSON . parse ( atob ( payload . replace ( /-/g , ' + ' ). replace ( /_/g , ' / ' )))); // {sub: "user_123", email: "user@example.com", exp: 1716239022} Method 2: Online Tool Paste your token at aiforeverthing.com/jwt-decoder.html — it decodes client-side in your browser (nothing sent to a server), shows

How to Decode a JWT Token: Header, Payload, Claims Explained

Related Articles

Epic and Disney now let Fortnite creators make Star Wars games

The Event-Driven Design Choice That Creates Invisible Coupling in .NET

I use Android and a Mac. Here’s the app I had to build myself.

Tools for founders to navigate and move past conflict

The Hidden Cost of Starting From Scratch Every Time

Related Articles

How-To
Epic and Disney now let Fortnite creators make Star Wars games
The Verge • 3h ago

How-To
The Event-Driven Design Choice That Creates Invisible Coupling in .NET
Medium Programming • 3h ago

How-To
I use Android and a Mac. Here’s the app I had to build myself.
Medium Programming • 5h ago

How-To
Tools for founders to navigate and move past conflict
TechCrunch • 5h ago

How-To
The Hidden Cost of Starting From Scratch Every Time
Medium Programming • 6h ago