{"id":5135,"date":"2026-06-18T13:48:58","date_gmt":"2026-06-18T13:48:58","guid":{"rendered":"https:\/\/rimanagency.com\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/"},"modified":"2026-06-18T13:48:58","modified_gmt":"2026-06-18T13:48:58","slug":"jwt-token-decoder-decode-json-web-tokens-inspect-claims","status":"publish","type":"page","link":"https:\/\/rimanagency.com\/fr\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/","title":{"rendered":"D\u00e9codeur de jetons JWT \u2014 D\u00e9codez les jetons Web JSON et inspectez les revendications"},"content":{"rendered":"<style>.rt-h{background:linear-gradient(135deg,#f1f5e8,#e8efdb);border-radius:14px;padding:32px;margin:0 0 24px;text-align:center}.rt-h h1{margin:0 0 10px;font-size:28px;color:#4a6320}.rt-g{display:grid;grid-template-columns:1fr 1fr;gap:18px;margin:0 0 24px}.rt-f,.rt-o{background:#fff;border:1px solid #e0e6d8;border-radius:10px;padding:22px}.rt-f h3,.rt-o h3{margin:0 0 14px;color:#4a6320;font-size:18px}.rt-f label{display:block;font-size:13px;color:#516048;font-weight:600;margin:10px 0 6px}.rt-f input,.rt-f select,.rt-f textarea{width:100%;padding:9px;border:1px solid #d4dac6;border-radius:6px;font-size:14px;box-sizing:border-box;font-family:inherit}.rt-btn{background:#719430;color:#fff;border:none;padding:11px 20px;border-radius:6px;font-weight:700;cursor:pointer;width:100%;margin-top:14px;font-size:15px}.rt-btn:hover{background:#4a6320}.rt-cta{background:linear-gradient(135deg,#719430,#4a6320);color:#fff;border-radius:14px;padding:32px;text-align:center;margin:30px 0}.rt-cta h3{margin:0 0 6px;color:#fff}.rt-cta a{background:#fff;color:#4a6320;padding:12px 28px;border-radius:6px;font-weight:700;text-decoration:none;display:inline-block;margin-top:14px}@media(max-width:768px){.rt-g{grid-template-columns:1fr}}<\/style>\n<div class=\"rt-h\">\n<h1>JWT Token Decoder<\/h1>\n<p>Paste any JWT (JSON Web Token) and instantly decode the header, payload, and signature segments \u2014 without sending the token to any external service. Inspect issuer, audience, expiration, roles, and any custom claims for debugging auth flows.<\/p>\n<\/div>\n<div class=\"rt-g\">\n<div class=\"rt-f\">\n<h3>JWT Token<\/h3>\n<p><label>Paste full JWT (3 dot-separated Base64 segments)<\/label><textarea id=\"jw-in\" rows=\"7\" placeholder=\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.signature\"><\/textarea><\/div>\n<div class=\"rt-o\">\n<h3>Decoded Segments<\/h3>\n<div id=\"jw-out\" style=\"background:#fafafa;border:1px solid #e0e6d8;border-radius:8px;padding:14px;font-size:14px;min-height:80px;line-height:1.5;font-family:Consolas,monospace;word-break:break-all\">Decoded JWT appears here<\/div>\n<\/div>\n<\/div>\n<p><script>function cJw(){var t=document.getElementById(\"jw-in\").value.trim();if(!t){document.getElementById(\"jw-out\").innerHTML=\"<i style=\\\"color:#888\\\">Paste a JWT to decode<\/i>\";return}var parts=t.split(\".\");if(parts.length<2){document.getElementById(\"jw-out\").innerHTML=\"<span style=\\\"color:#c44\\\">\u2716 Not a valid JWT \u2014 should have 3 dot-separated segments<\/span>\";return}function decodeBase64Url(s){var pad=s.replace(\/-\/g,\"+\").replace(\/_\/g,\"\/\");while(pad.length%4)pad+=\"=\";try{return decodeURIComponent(escape(atob(pad)))}catch(e){return null}}function tryParse(s){var dec=decodeBase64Url(s);if(!dec)return null;try{return JSON.parse(dec)}catch(e){return dec}}var header=tryParse(parts[0]);var payload=tryParse(parts[1]);var signature=parts[2]||\"\";var html='<\/p>\n<div style=\"display:grid;gap:12px\">';html+='<\/p>\n<div style=\"background:#fef9e7;border:1px solid #f3e5a0;border-radius:8px;padding:12px\">\n<div style=\"font-size:11px;font-weight:700;color:#856404;text-transform:uppercase;letter-spacing:.5px\">Header<\/div>\n<pre style=\"margin:6px 0 0;font-family:Consolas,monospace;font-size:12px;white-space:pre-wrap;word-break:break-all;color:#222\">'+(header?JSON.stringify(header,null,2):\"(invalid)\")+'<\/pre>\n<\/div>\n<p>';html+='<\/p>\n<div style=\"background:#f4f9f0;border:1px solid #c4d49e;border-radius:8px;padding:12px\">\n<div style=\"font-size:11px;font-weight:700;color:#4a6320;text-transform:uppercase;letter-spacing:.5px\">Payload<\/div>\n<pre style=\"margin:6px 0 0;font-family:Consolas,monospace;font-size:12px;white-space:pre-wrap;word-break:break-all;color:#222\">'+(payload?JSON.stringify(payload,null,2):\"(invalid)\")+'<\/pre>\n<\/div>\n<p>';html+='<\/p>\n<div style=\"background:#f0f0f0;border:1px solid #d0d0d0;border-radius:8px;padding:12px\">\n<div style=\"font-size:11px;font-weight:700;color:#666;text-transform:uppercase;letter-spacing:.5px\">Signature<\/div>\n<pre style=\"margin:6px 0 0;font-family:Consolas,monospace;font-size:12px;white-space:pre-wrap;word-break:break-all;color:#666\">'+signature.substring(0,200)+(signature.length>200?\"\u2026\":\"\")+'<\/pre>\n<div style=\"font-size:11px;color:#516048;margin-top:6px\">Signature verification requires the secret\/public key \u2014 not possible from the token alone.<\/div>\n<\/div>\n<p>';if(payload&&typeof payload===\"object\"){var iat=payload.iat,exp=payload.exp,nbf=payload.nbf;var now=Math.floor(Date.now()\/1000);var checks=[];if(exp){var e=new Date(exp*1000);var expired=now>exp;checks.push({label:\"Expiration (exp)\",val:e.toISOString()+(expired?' \u2014 <span style=\"color:#c44;font-weight:700\">EXPIRED<\/span>':' \u2014 <span style=\"color:#719430;font-weight:700\">valid<\/span>')})}if(iat)checks.push({label:\"Issued at (iat)\",val:new Date(iat*1000).toISOString()});if(nbf){var n=new Date(nbf*1000);var notYet=now<nbf;checks.push({label:\"Not before (nbf)\",val:n.toISOString()+(notYet?' \u2014 <span style=\"color:#c44\">not yet valid<\/span>':\"\")})}if(payload.iss)checks.push({label:\"Issuer (iss)\",val:payload.iss});if(payload.aud)checks.push({label:\"Audience (aud)\",val:typeof payload.aud===\"string\"?payload.aud:JSON.stringify(payload.aud)});if(payload.sub)checks.push({label:\"Subject (sub)\",val:payload.sub});if(checks.length){html+='<\/p>\n<div style=\"background:#fff;border:1px solid #e0e6d8;border-radius:8px;padding:12px\">\n<div style=\"font-size:11px;font-weight:700;color:#719430;text-transform:uppercase;letter-spacing:.5px;margin-bottom:8px\">Standard Claims<\/div>\n<p>';checks.forEach(function(c){html+='<\/p>\n<div style=\"font-size:13px;padding:4px 0;border-bottom:1px solid #f0f3e8\"><b>'+c.label+'<\/b>: '+c.val+'<\/div>\n<p>'});html+='<\/p><\/div>\n<p>'}}html+='<\/p><\/div>\n<p>';document.getElementById(\"jw-out\").innerHTML=html}document.getElementById(\"jw-in\").addEventListener(\"input\",cJw);cJw();<\/script><\/p>\n<h2>How to use the JWT Decoder<\/h2>\n<p>Paste a complete JWT \u2014 three Base64Url-encoded segments separated by dots. The decoder splits the segments, Base64Url-decodes each, parses the header and payload as JSON, and displays them with syntax-style coloring. Standard JWT claims (exp, iat, nbf, iss, aud, sub) get human-readable interpretation including expiration status.<\/p>\n<h2>Why this tool matters<\/h2>\n<p>JWTs are everywhere in modern auth \u2014 OAuth2, OpenID Connect, API keys, magic links, password reset tokens. Debugging &#8220;why doesn\\u2019t my API call work?&#8221; almost always starts with decoding the token to inspect claims. Online JWT decoders exist but most send your token to a server \u2014 a bad habit for tokens that might still be valid. Our decoder runs entirely in your browser.<\/p>\n<h2>Common use cases<\/h2>\n<ul>\n<li>Debugging &#8220;401 Unauthorized&#8221; responses by inspecting token claims<\/li>\n<li>Confirming a token has not expired<\/li>\n<li>Checking that the audience (aud) matches what your API expects<\/li>\n<li>Verifying which roles or scopes are encoded in a user\\u2019s token<\/li>\n<li>Inspecting tokens from password reset links and magic-link emails<\/li>\n<li>Training new engineers on JWT structure<\/li>\n<\/ul>\n<h2>JWT structure: header.payload.signature<\/h2>\n<p>Every JWT has three parts. The header declares the algorithm (alg) and type (typ). The payload contains claims \u2014 standard ones like exp\/iat\/iss and custom ones like roles\/permissions. The signature verifies the token was not tampered with. Decoding does not verify \u2014 anyone can decode any JWT. Only the issuer with the secret\/key can verify.<\/p>\n<h2>Why we cannot verify signatures<\/h2>\n<p>Signature verification requires either the secret (for HMAC algorithms like HS256) or the public key (for RSA\/ECDSA algorithms like RS256). Neither is in the token itself. The token alone tells you what the issuer claimed; only the secret\/key tells you it really was the issuer.<\/p>\n<h2>Frequently Asked Questions<\/h2>\n<p><strong>Is it safe to paste my JWT into your tool?<\/strong><br \/>Yes \u2014 the decoder runs entirely in your browser. Nothing is sent to any server. That said: if a token might still be active (not expired) and grants access to anything important, be cautious of any tool that might log it.<\/p>\n<p><strong>Can JWTs be encrypted?<\/strong><br \/>Standard JWTs are signed but not encrypted \u2014 anyone can read the payload by Base64-decoding. For encrypted tokens use JWE (JSON Web Encryption), which is a different spec. Most authentication flows use signed-only JWTs because payload contents are not secret.<\/p>\n<p><strong>What does &#8220;JWT signature invalid&#8221; mean in my API logs?<\/strong><br \/>Either the token was tampered with, was signed with a different key, or your verifier is using the wrong algorithm. Decode the header to confirm alg matches what your verifier expects.<\/p>\n<p><strong>Where can I learn more about JWT claims?<\/strong><br \/>RFC 7519 defines the standard claims. iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), jti (JWT ID). Custom claims are free-form \u2014 common ones include &#8220;roles&#8221;, &#8220;scope&#8221;, &#8220;email&#8221;, &#8220;tenant_id&#8221;.<\/p>\n<div class=\"rt-cta\">\n<h3>Building secure marketing martech with API integrations and auth flows?<\/h3>\n<p style=\"margin:0;opacity:.95\">Riman Agency builds martech architecture with proper auth and security.<\/p>\n<p><a href=\"\/contact\/\">Talk to MarTech<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>JWT Token Decoder Paste any JWT (JSON Web Token) and instantly decode the header, payload, and signature segments \u2014 without sending the token to any external service. Inspect issuer, audience, expiration, roles, and any custom claims for debugging auth flows. JWT Token Paste full JWT (3 dot-separated Base64 segments) Decoded Segments Decoded JWT appears here [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-5135","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>JWT Token Decoder \u2014 Decode JSON Web Tokens &amp; Inspect Claims - Riman Agency<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rimanagency.com\/fr\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"JWT Token Decoder \u2014 Decode JSON Web Tokens &amp; Inspect Claims - Riman Agency\" \/>\n<meta property=\"og:description\" content=\"JWT Token Decoder Paste any JWT (JSON Web Token) and instantly decode the header, payload, and signature segments \u2014 without sending the token to any external service. Inspect issuer, audience, expiration, roles, and any custom claims for debugging auth flows. JWT Token Paste full JWT (3 dot-separated Base64 segments) Decoded Segments Decoded JWT appears here [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rimanagency.com\/fr\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/\" \/>\n<meta property=\"og:site_name\" content=\"Riman Agency\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rimanagency.com\\\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\\\/\",\"url\":\"https:\\\/\\\/rimanagency.com\\\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\\\/\",\"name\":\"JWT Token Decoder \u2014 Decode JSON Web Tokens & Inspect Claims - Riman Agency\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rimanagency.com\\\/#website\"},\"datePublished\":\"2026-06-18T13:48:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rimanagency.com\\\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\\\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rimanagency.com\\\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rimanagency.com\\\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rimanagency.com\\\/home\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"JWT Token Decoder \u2014 Decode JSON Web Tokens &#038; Inspect Claims\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rimanagency.com\\\/#website\",\"url\":\"https:\\\/\\\/rimanagency.com\\\/\",\"name\":\"Riman Agency\",\"description\":\"A Full Service Digital Marketing Agency\",\"publisher\":{\"@id\":\"https:\\\/\\\/rimanagency.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rimanagency.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/rimanagency.com\\\/#organization\",\"name\":\"Riman Agency\",\"url\":\"https:\\\/\\\/rimanagency.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\\\/\\\/rimanagency.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/rimanagency.com\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/RIMANagency-all-logos-1-2.png\",\"contentUrl\":\"https:\\\/\\\/rimanagency.com\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/RIMANagency-all-logos-1-2.png\",\"width\":694,\"height\":211,\"caption\":\"Riman Agency\"},\"image\":{\"@id\":\"https:\\\/\\\/rimanagency.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"D\u00e9codeur de jetons JWT \u2014 D\u00e9codez les jetons Web JSON et examinez les revendications - Agence Riman","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rimanagency.com\/fr\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/","og_locale":"fr_CA","og_type":"article","og_title":"JWT Token Decoder \u2014 Decode JSON Web Tokens & Inspect Claims - Riman Agency","og_description":"JWT Token Decoder Paste any JWT (JSON Web Token) and instantly decode the header, payload, and signature segments \u2014 without sending the token to any external service. Inspect issuer, audience, expiration, roles, and any custom claims for debugging auth flows. JWT Token Paste full JWT (3 dot-separated Base64 segments) Decoded Segments Decoded JWT appears here [&hellip;]","og_url":"https:\/\/rimanagency.com\/fr\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/","og_site_name":"Riman Agency","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/rimanagency.com\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/","url":"https:\/\/rimanagency.com\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/","name":"D\u00e9codeur de jetons JWT \u2014 D\u00e9codez les jetons Web JSON et examinez les revendications - Agence Riman","isPartOf":{"@id":"https:\/\/rimanagency.com\/#website"},"datePublished":"2026-06-18T13:48:58+00:00","breadcrumb":{"@id":"https:\/\/rimanagency.com\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rimanagency.com\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rimanagency.com\/jwt-token-decoder-decode-json-web-tokens-inspect-claims\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rimanagency.com\/home\/"},{"@type":"ListItem","position":2,"name":"JWT Token Decoder \u2014 Decode JSON Web Tokens &#038; Inspect Claims"}]},{"@type":"WebSite","@id":"https:\/\/rimanagency.com\/#website","url":"https:\/\/rimanagency.com\/","name":"Agence Riman","description":"Une agence de marketing num\u00e9rique \u00e0 service complet","publisher":{"@id":"https:\/\/rimanagency.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rimanagency.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-CA"},{"@type":"Organization","@id":"https:\/\/rimanagency.com\/#organization","name":"Agence Riman","url":"https:\/\/rimanagency.com\/","logo":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/rimanagency.com\/#\/schema\/logo\/image\/","url":"https:\/\/rimanagency.com\/wp-content\/uploads\/2022\/02\/RIMANagency-all-logos-1-2.png","contentUrl":"https:\/\/rimanagency.com\/wp-content\/uploads\/2022\/02\/RIMANagency-all-logos-1-2.png","width":694,"height":211,"caption":"Riman Agency"},"image":{"@id":"https:\/\/rimanagency.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/pages\/5135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/comments?post=5135"}],"version-history":[{"count":0,"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/pages\/5135\/revisions"}],"wp:attachment":[{"href":"https:\/\/rimanagency.com\/fr\/wp-json\/wp\/v2\/media?parent=5135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}