JWT Decoder
Decode and inspect JSON Web Tokens — header, payload and claims.
Header
Payload
Decoding happens in your browser. The signature is not verified — never trust a token by its contents alone.
About this tool
Decode a JSON Web Token (JWT) to inspect its header and payload, and see when it expires. Useful for debugging authentication. Decoding happens locally and the signature is not verified.
How to use it
- 1 Paste your JWT.
- 2 Read the decoded header and payload.
- 3 Check the expiry status if the token has an exp claim.
Frequently asked questions
Does this verify the token’s signature?
No. It only decodes the contents. A valid-looking payload does not mean the token is authentic — always verify the signature server-side.
Is it safe to paste a real token here?
Decoding happens entirely in your browser and nothing is sent or stored. Everything runs in your browser, so your data never leaves your device. Still, avoid sharing live production tokens.
What do the header and payload show?
The header shows the signing algorithm and token type; the payload shows the claims, such as subject, issuer and expiry.