Private / Symmetric Key
JWK or JWKS · optional for plain JWT
Token
JWE (5 parts) or JWT (3 parts)
Decoded Output
Decoded output will appear here
Paste a token on the left and click Decode. JWTs are decoded without a key. JWE tokens require a private or symmetric key.
Supported key types
RSA Private (JWK) — kty: "RSA" with d, p, q — for RSA-OAEP, RSA-OAEP-256
EC Private (JWK) — kty: "EC" with d — for ECDH-ES, ECDH-ES+A256KW
Symmetric (JWK) — kty: "oct" with k — for dir+AES, HS256/384/512
JWKS — { "keys": [...] } — server tries each key automatically
Not needed for JWT — Plain JWTs (3 parts) are decoded without a key