Extract & Format JWT Claims
Quickly extract and format claims from any JWT payload. View standard and custom claims in a clean, searchable list with human-readable dates for easier debugging and analysis.
Not present in token
Not present in token
Not present in token
Not present in token
Not present in token
Not present in token
Not present in token
Extracting Claims from JWT Payloads
The claim extractor parses a JWT and pulls out all claims from the payload segment. It separates standard registered claims (iss, sub, exp, etc.) from custom claims your application adds.
The tool decodes the Base64URL-encoded payload, parses the JSON, and displays each claim with its value. Timestamp claims (exp, nbf, iat) get formatted as human-readable dates alongside the raw Unix timestamp.
Standard claims extracted:
Custom claims appear below standard ones. Arrays and objects display as formatted JSON. You can copy individual claim values or export the entire payload as JSON.
When You'd Actually Use This
Debugging authentication issues
A user can't access a resource they should have permission for. Extract claims to verify their roles array includes the required role.
Auditing token contents
Security review requires documenting what data your tokens contain. Extract claims from production tokens (carefully!) to create an inventory.
Verifying expiry times
Tokens expire sooner than expected. Extract the exp claim to see the exact timestamp and convert it to your timezone.
Checking for sensitive data leakage
Concerned about PII in tokens? Extract all claims to audit whether passwords, emails, or other sensitive data accidentally made it into the payload.
Building token-based logging
Adding user IDs to log entries? Extract the sub claim from incoming tokens to correlate logs with specific users.
Testing claim propagation
Your auth service adds custom claims. Extract them from generated tokens to verify claims like tenant_id or permissions appear correctly.
What to Know Before Using
Extraction doesn't verify signatures.The tool reads the payload without checking if the token is valid. Anyone can create a fake token with any claims. Always verify signatures in production code.
Timestamps are Unix format (seconds since 1970).JWT uses Unix timestamps, not JavaScript milliseconds. The extractor shows both the raw timestamp and the converted date for clarity.
Array and object claims display as JSON.Complex claims like roles: ["admin", "user"] appear formatted. Copy the JSON directly for use in your code.
Some claims may be missing.Only sub is required by the JWT spec. Your tokens might not have iss, aud, or other standard claims depending on your issuer.
Privacy warning: Never paste tokens containing real user data into online tools. Use test tokens or tokens from development environments only.
Common Questions
What's the difference between iss and sub?
iss identifies the token issuer (e.g., "auth.example.com"). sub identifies the subject—usually the user ID. Same user logged into different apps would have the same sub but different iss values.
Why is my exp claim showing a past date?
The token has expired. Extract the timestamp and compare it to the current time. Expired tokens should be rejected by your verification code and refreshed if needed.
Can I modify claims and re-sign the token?
This tool only extracts—it doesn't modify or re-sign. To change claims, you need access to the signing key and must create a new token through your auth system.
What does the aud claim mean?
aud (audience) specifies which services should accept this token. Prevents token confusion attacks where a token meant for Service A is used with Service B.
How do I extract claims in my code?
Most JWT libraries provide claim access: Node.js (jwt.decode(token)), Python (jwt.decode(token, options={verify_signature: False})). Always verify the signature first in production.
Are custom claims safe to use?
Yes, but keep them small. Every claim adds to token size. Avoid PII. Use namespaced names (e.g., com.example.role) to prevent conflicts with future standard claims.
Other Free Tools
JWT Decoder & Validator
Decode & Validate JWT Tokens Instantly
JWT Generator & Signer
Generate & Sign Custom JWT Tokens
JWT Debugger & Tester
Debug & Test JWT Tokens Step-by-Step
JWT Secret & Key Generator
Generate JWT Secrets & Key Pairs
JWT Expiry Checker & Timestamp Converter
Check JWT Expiry & Convert Timestamps
ASCII to Hex Converter
ASCII to Hex Converter: Text to Hexadecimal Translator
Barcode Generator
Free Barcode Generator
Binary to Text Converter
Binary to Text Converter
Free Printable Calendar Maker
Create & Print Your Custom Calendar
Pie Chart Maker
Free Pie Chart Maker Online