JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. A JWT consists of three parts separated by dots (.): Header, Payload, and Signature.

• Header: Typically consists of two parts: the type of the token (JWT) and the signing algorithm being used (e.g., HMAC SHA256 or RSA). This part is Base64Url encoded.
• Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data. This part is also Base64Url encoded.
• Signature: Used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

This tool only decodes the Header and Payload. It does not verify the signature, as that requires the secret or public key used to sign the token.