JWT Decoder
Decode & inspect JWT tokens
100% client-side: your data never leaves this page
About this tool
Paste any JWT token to instantly decode and inspect its Header, Payload, and Signature. Claims like iss, sub, exp and iat are explained inline. Expiration status is shown automatically. The signature cannot be verified without the secret key, but all other fields are decoded in full. Runs entirely in your browser.
Frequently Asked Questions
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three Base64URL-encoded parts: Header, Payload, and Signature, separated by dots.
Is my JWT token safe to paste here?
Yes. Decoding happens entirely in your browser. Your token is never sent to any server. However, avoid sharing JWTs containing sensitive data in public.
Can you verify the JWT signature?
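No. Signature verification requires the secret key or public key used to sign the token, which we do not have. This tool only decodes the Header and Payload, so the decoded claims are unverified and should not be trusted for authentication or authorization decisions.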
What does the expiration status mean?
If the token contains an exp claim, we compare it against the current time. Expired tokens are flagged in red. Note that a valid signature is still required for actual authentication.
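The decoding described under "What is a JWT?" and the exp comparison described above, as an added example that is not this tool's own code: it splits the token on dots, Base64URL-decodes the Header and Payload, and reports expiration status without verifying the signature. The function names, the status strings and the sample token are assumptions constructed for illustration.

```javascript
// Base64URL uses '-' and '_' instead of '+' and '/', and omits '=' padding.
function base64UrlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("invalid Base64URL segment");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  // fatal: true rejects byte sequences that are not valid UTF-8.
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Decode only: nothing here proves the token was issued by who it claims.
function decodeJwt(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [header, payload, signature] = parts;
  return {
    header: JSON.parse(base64UrlDecode(header)),
    payload: JSON.parse(base64UrlDecode(payload)),
    signature,        // left encoded; it cannot be checked without the key
    verified: false,  // explicit marker so callers do not treat claims as trusted
  };
}

// exp is seconds since the Unix epoch; the token is expired once now >= exp.
function expirationStatus(payload, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof payload?.exp !== "number") return "no-exp";
  return nowSeconds >= payload.exp ? "expired" : "not-expired";
}

// Constructed sample token (not a real credential). The third part is a
// placeholder string, not a real signature.
const encodeSegment = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_TOKEN = [
  encodeSegment({ alg: "HS256", typ: "JWT" }),
  encodeSegment({ iss: "example-issuer", sub: "user-123", iat: 1700000000, exp: 1700003600 }),
  "c2lnbmF0dXJl",
].join(".");

const decoded = decodeJwt(SAMPLE_TOKEN);
console.log(decoded.header, decoded.payload, expirationStatus(decoded.payload));
```

Because `verified` is always false here, a "not-expired" result only describes the exp claim as written in the token.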