JWT Decoder & Inspector
Paste a JSON Web Token to decode its header, payload, and check expiration status. Nothing leaves your browser.
How to Use This JWT Decoder
- Paste your JWT token in the input area
- The header, payload, and signature are decoded instantly
- Check expiration status and registered claims at a glance
- Click Copy to grab any decoded section
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three Base64Url-encoded parts separated by dots: Header, Payload, and Signature.
Features
- Color-Coded View — Header (red), Payload (purple), Signature (cyan)
- Expiration Check — Instantly see if a token is expired
- Timestamp Decoding — iat, exp, and nbf converted to human-readable dates
- Registered Claims — Quick view of iss, sub, aud, jti
Frequently Asked Questions
Is my JWT safe here?
Yes. Decoding happens entirely in your browser. No token data is sent to any server.
Can this tool verify JWT signatures?
No. Signature verification requires the secret key or public key, which should never be shared in a browser tool. This tool only decodes and inspects the token contents.
What algorithms are supported?
This decoder works with any JWT regardless of algorithm (HS256, RS256, ES256, etc.) since it only decodes the Base64Url-encoded parts.