JWT Decoder
Decode JSON Web Tokens to inspect the header and payload instantly in your browser. See claims like expiry and issuer without a server call.
IN: JWT string · OUT: Header & payload JSON · RUNS: 100% in your browser
Frequently asked questions
Does this tool verify the JWT signature?+
No, it only decodes and displays the header and payload. Signature verification requires the secret or public key, which this tool does not request, for your safety.
Is my token sent to a server?+
No. Decoding happens entirely client-side in your browser; your token is never transmitted or logged.
Why shouldn't I paste production tokens into online tools?+
As a general security practice, avoid pasting live production tokens into any third-party site. This tool works fully offline in your browser, but using a local or expired token for testing is still good hygiene.
What does the 'exp' claim mean?+
The exp claim is a Unix timestamp indicating when the token expires. This tool automatically converts it to a readable date for you.