JWT Decoder

JWT Decoder

The JWT Decoder reads a JSON Web Token and shows you what's inside. A JWT has three Base64URL parts — header, payload and signature — separated by dots. This tool decodes the header and payload so you can inspect claims and expiry, all locally in your browser.

Why use JWT Decoder

  • Decodes the header and payload into readable JSON.
  • Highlights time claims (iat, exp, nbf) as human dates and flags expiry.
  • Works entirely offline — the token never leaves your browser.
  • Helpful for debugging auth flows without a backend.

How to use JWT Decoder

  1. 1Paste your token. Paste a JWT (the xxxxx.yyyyy.zzzzz string) into the input.
  2. 2Inspect the claims. Read the decoded header and payload, and check issued/expiry times.
  3. 3Verify separately. Remember this does not verify the signature — validate that server-side with your key.

Frequently asked questions

Does this verify the JWT signature?
No. It decodes and displays the token for inspection; it does not verify the signature, which requires the secret or public key.
Is it safe to paste my token here?
Yes — decoding happens entirely in your browser. The token is never sent anywhere. Still, avoid pasting production tokens into any online tool.
How do I read the expiry?
The exp claim is a Unix timestamp; this tool shows it as a readable date and flags whether the token is expired.

Developer notes

A JWT is signed, not encrypted — anyone can read its payload, so never put secrets in it. Decoding ≠ verifying; always verify the signature and exp on the server before trusting a token.

Related tools

Base64 Encoder
Encode and decode Base64 text and files, UTF-8 safe.
URL Encoder / Decoder
Percent-encode and decode URLs and query parameters.
Epoch Converter
Convert Unix timestamps, ISO 8601, JWTs & more — instantly.
JSON Formatter
Pretty-print, minify, validate & explore JSON.
Regex Tester
Test patterns live with match highlighting & groups.
Copied