JWT Decoder

Decode JSON Web Tokens (JWT) to inspect header, payload, and signature. Check expiration status, claims, and token validity instantly.

Decode and inspect JWT (JSON Web Token) contents instantly

This tool decodes JWT tokens locally in your browser. It does NOT verify the signature — only the server with the secret key can validate authenticity.

How to Use This Tool

  1. 1

    Paste your JWT token

    Copy a JWT token from your application, API response, or authentication header and paste it into the input field.

  2. 2

    View decoded sections

    The tool automatically decodes and displays the header (algorithm info), payload (claims/data), and signature sections.

  3. 3

    Check expiration status

    If the token contains exp (expiration) or iat (issued at) claims, the tool shows whether the token is still valid or expired.

  4. 4

    Copy any section

    Click the copy button on any decoded section to copy the formatted JSON to your clipboard for debugging or documentation.

Frequently Asked Questions

What is a JWT token?
JWT (JSON Web Token) is a compact, URL-safe format for transmitting claims between parties. It consists of three Base64-encoded parts: header, payload, and signature, separated by dots.
Does this tool verify JWT signatures?
No. This tool only decodes the token to inspect its contents. Signature verification requires the secret key or public key, which only the issuing server possesses.
Is it safe to paste my JWT here?
Yes. All decoding happens locally in your browser. No data is sent to any server. However, never share your JWT tokens publicly as they may grant access to protected resources.
What are common JWT claims?
Standard claims include: sub (subject), iss (issuer), aud (audience), exp (expiration time), iat (issued at), nbf (not before), and jti (JWT ID). Custom claims can contain any application-specific data.