JWT Decoder
Decode and inspect JWT tokens — header, payload, and signature.
How to Use JWT Decoder
- 1Paste your JWT token into the input field.
- 2The header and payload are decoded and displayed as formatted JSON instantly.
- 3Check the expiry badge to see if the token is still valid.
- 4Never paste production tokens — use test/development tokens only.
Frequently Asked Questions
Is the signature verified?
No — signature verification requires the secret key, which should never be shared with a browser tool. This tool only decodes the base64url-encoded header and payload.
What is a JWT?
A JSON Web Token is a compact, URL-safe way to represent claims between two parties. It consists of three base64url-encoded parts: header, payload, and signature, separated by dots.
Is it safe to paste my JWT here?
All decoding happens locally in your browser — nothing is sent to any server. However, JWTs may contain sensitive data (user IDs, roles, emails), so use test tokens only.
About JWT Decoder
JWTs are ubiquitous in modern authentication — used by OAuth, OpenID Connect, and countless APIs. Our JWT Decoder lets you inspect the contents of any JWT instantly: the algorithm in the header, the claims in the payload, and the expiry status.
The decoder is built with pure JavaScript — no external library required. It handles base64url decoding (which differs from standard base64 in using - and _ instead of + and /), parses the JSON, and formats timestamps into human-readable dates.