Supported JWT Algorithms
Reference of algorithms defined in RFC 7518.
HMAC (Symmetric)
RSA (Asymmetric)
ECDSA (Asymmetric)
RSA-PSS (Asymmetric)
Why Use JWT Claims Viewer
Client-Side Only
Your tokens never leave your browser. All decoding happens locally in JavaScript — zero server interaction.
Expiration Analysis
Instantly see if a token is expired, how much time remains, or how long since it expired. Also checks nbf (not-before) validity.
Claims Explained
Every standard claim decoded with plain-language descriptions: iss, sub, aud, exp, nbf, iat, jti, name, email, role, scope, permissions.
Token Type Detection
Automatically detects whether the token is an access token, ID token, or refresh token based on its claims.
Frequently Asked Questions
A JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. It is commonly used for authentication and authorization in web applications. A JWT consists of three parts separated by dots: a header, a payload, and a signature.
No. JWT Claims Viewer decodes tokens entirely in your browser using JavaScript. Your token never leaves your device — no data is sent to any server. This makes it safe to use with real tokens from any environment.
JWT Claims Viewer decodes tokens to inspect their contents but does not verify cryptographic signatures. Signature verification requires possession of the secret key (for HMAC) or public key (for RSA/ECDSA), which this tool does not accept. Always verify signatures server-side in production.