A JSON Web Token (JWT) is a compact, URL-safe token with three Base64URL-encoded parts separated by dots: a Header (algorithm and type), a Payload (claims), and a Signature. They are commonly used for authentication.

Does this tool verify the JWT signature?

No — this tool decodes the header and payload for inspection only. Signature verification requires the secret key or public key, which you should never share with a third-party tool. All decoding runs locally in your browser.

Is my JWT safe to paste here?

All decoding happens 100% in your browser — no data is sent to any server. However, JWTs may contain sensitive claims; use caution when pasting production tokens.

What does the expiry check show?

If the payload contains an "exp" (expiration) claim, the tool displays it as a human-readable date and time, and indicates whether the token has already expired.

What JWT algorithms are supported?

The decoder handles any JWT regardless of algorithm (HS256, RS256, ES256, etc.) since it only decodes the Base64URL parts. Algorithm details are shown in the decoded header.

JWT Decoder

Decode and inspect JSON Web Tokens — view the header, payload claims, and expiration date. Runs entirely in your browser.

Your files never leave your device

JWT Token

How to JWT Decoder

Paste a JWT (three dot-separated Base64URL parts) into the input field.
The header, payload, and signature sections decode automatically.
Check the expiration status — the tool shows if the token has expired.
Copy the decoded payload for use in your code or debugging.

Why Use This Tool?

Debugging authentication issues requires quickly inspecting what a JWT actually contains. This tool decodes any JWT instantly without sending it to a server, making it safe to use with tokens from staging environments.

JWT Decoder

How to JWT Decoder

Why Use This Tool?

Frequently Asked Questions