JWT Decoder
Decode & inspect JWT tokens
Decode and inspect JSON Web Tokens (JWT) instantly. View header, payload, and signature claims without verifying the signature.
How to Use JWT Decoder
- 1Paste your JWT token into the input box
- 2Header and payload sections decode instantly
- 3View all claims including exp, iat, sub, iss
- 4Check token expiry status
- 5Never paste production tokens in public — this tool is client-side only
Features
- Decode header, payload, and signature info
- Human-readable timestamp for exp and iat claims
- Token expiry detection (expired / valid)
- Pretty-printed JSON output
- Color-coded claim types
- Completely client-side — tokens never sent to a server
Frequently Asked Questions
Does this verify the JWT signature?
No. Decoding reads the Base64-encoded payload without verifying the signature. To verify a JWT, use your backend with the secret or public key.
Is it safe to paste my JWT here?
Since this tool is purely client-side, your token is not sent anywhere. However, avoid pasting production tokens in shared or public environments as a general security practice.
What are the parts of a JWT?
A JWT has three Base64URL-encoded parts separated by dots: Header (algorithm info), Payload (claims data), and Signature (cryptographic signature).