Token
Decoded
Header, payload, timestamps and signature will appear here.
Decode JWT tokens without sending them to a server
Decode JSON Web Tokens (JWTs) instantly without sending them to any external service. Inspect the header algorithm, payload claims, expiry time, and issued-at date. All decoding is done locally in your browser using Base64 parsing.
Frequently Asked Questions
- What is a JWT?
- A JSON Web Token (JWT) is a compact, URL-safe token used for authentication and information exchange. It consists of three Base64-encoded parts separated by dots: a header (algorithm), a payload (claims), and a signature.
- Does this tool verify the JWT signature?
- This tool decodes the header and payload for inspection only. Signature verification requires the secret or public key and should be done server-side.
- Is it safe to paste my JWT here?
- Yes. The token is decoded entirely client-side and is never sent to any server. That said, exercise caution with long-lived production tokens — avoid pasting them in shared environments.
- Why does my JWT show as expired?
- JWTs contain an "exp" claim holding a Unix timestamp. This tool highlights when that timestamp is in the past, indicating the token is no longer valid.