Here it is: https://jwt.io/

I understand that there is a desire to pull information from the token on the client side.
If so, then nip this nonsense in the bud!
Of course, you can pull it out, and it's very easy, it's a simple json.
But the tokens are not intended for pulling out information on the client side, they are intended for "presentation" to the server side. But the server side should look into the token exactly at its discretion. The client, in the general case, should not care what is in the token, how it is written and in what format it is.
I'll try to explain. Imagine that I am developing a zoo of services and decided to use JWT for authorization. And at some point, I decided, for my own needs, to forward not the username into the token, but the SW from the database (well, or vice versa, that’s not the point). As a result, the contents of the token can change 20 or even 30 times during the project, well, except for the standard fields.