JWT Decoder
Decode and inspect JSON Web Tokens
About JWT Decoder
Decode any JWT token to inspect its header, payload, and claims. Verify structure, check expiration times, and debug authentication issues in seconds.
- Decodes all three JWT parts: header, payload, signature
- Highlights token expiration status automatically
- Displays all claims with human-readable timestamps
- Color-codes different claim types for easy scanning
- Works entirely in-browser without sending tokens anywhere
Everything runs in your browser — your data never leaves your device.
How to Use JWT Decoder
- Paste your JWT token in the input
- The header and payload are decoded automatically
- Check token expiration and all claims at a glance
Frequently Asked Questions
What is a JWT (JSON Web Token)?
A JWT is a compact, URL-safe token format used for authentication and data exchange. It has three Base64-encoded parts separated by dots: header (algorithm), payload (claims/data), and signature (verification).
Can this tool verify JWT signatures?
This tool decodes and displays the header and payload. For full signature verification, you need the secret key or public key used to sign the token.
Is it safe to paste my JWT here?
Yes. The token is decoded entirely in your browser — nothing is sent to a server. However, never share JWTs publicly as they may contain sensitive claims.
Why does my JWT say it's expired?
The payload's "exp" claim contains the expiration timestamp. If the current time is past that timestamp, the token is expired. The tool highlights this so you can quickly diagnose authentication issues.
