What are JSON Web Tokens (JWT)?
A JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
A JWT string consists of exactly three parts separated by dots (.):
How JWT Decoding Works
To view the payload of a JWT, no cryptographic key is required. The first two sections (Header and Payload) are simply Base64Url-encoded segments. Base64Url is identical to Base64, but replaces characters to match URL-safe standards:
The decoded payload contains standardized claims like:
iss (Issuer): The authority that generated the token.
exp (Expiration Time): Seconds since January 1, 1970 UTC, indicating when the token expires.
sub (Subject): The user ID or unique principal identification.
aud (Audience): Who the token is intended for.
Frequently Asked Questions
No. To maintain complete browser sandboxing and absolute data privacy, Calculent.com is a pure client-side decoder. It parses, reads, and visualizes Header/Payload claims locally, but does not cryptographically verify the signature, as that requires inputting private keys or communicating with authentication endpoints.
Base64Url is a variant of Base64 designed for safe transmission in web addresses and HTTP headers. It replaces the characters + with - and / with _, and removes the trailing padding character =.
The payload contains an exp (expiry) property represented as a Unix epoch timestamp (seconds since 1970). Our script compares this timestamp with your computer's local clock in real time. If your computer's date/time is wrong or the token lifetime has elapsed, it flags the token as expired.
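The decode-only flow described in "How JWT Decoding Works" and in the expiry answer above, as an added example that is not Calculent.com's own script. The function names, the sample token and its example.* claim values are constructed for illustration, and the clock is passed in as a parameter so the expiry result can be checked against a known time.

```javascript
// Added example: decode-only JWT inspection. No signature check is performed.

// Base64Url -> UTF-8 string: restore '+' and '/', re-add the stripped '=' padding.
function base64UrlDecode(segment) {
  if (!/^[A-Za-z0-9_-]*$/.test(segment) || segment.length % 4 === 1) {
    throw new Error('segment is not valid Base64Url');
  }
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Inverse helper, used only to build the constructed sample token below.
function base64UrlEncode(text) {
  const bin = String.fromCharCode(...new TextEncoder().encode(text));
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// nowSeconds is injectable so the result does not depend on a wrong local clock.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected exactly three dot-separated parts');
  const header = JSON.parse(base64UrlDecode(parts[0]));
  const payload = JSON.parse(base64UrlDecode(parts[1]));
  let expiry = 'no-exp-claim';
  if ('exp' in payload) {
    expiry = typeof payload.exp !== 'number' ? 'invalid-exp'
      : nowSeconds >= payload.exp ? 'expired' : 'not-expired';
  }
  // Decoding proves nothing about authenticity: the claims are untrusted input.
  return { header, payload, expiry, signatureVerified: false };
}

// Constructed sample token; the signature segment is a placeholder, not a real MAC.
const sampleToken = [
  base64UrlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' })),
  base64UrlEncode(JSON.stringify({ iss: 'https://issuer.example', sub: 'user-123',
    aud: 'api.example', exp: 1700000000, name: 'Zoë' })),
  'c2lnbmF0dXJlLXBsYWNlaG9sZGVy',
].join('.');

console.log(inspectJwt(sampleToken, 1699999999));
```

Because signatureVerified is always false here, the returned claims are suitable for display and debugging only, not for authorization decisions.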