JWT Decoder
Decode and inspect JSON Web Tokens. View header, payload, and check expiration. Nothing is sent to any server.
🔐 What Is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange between parties. It consists of three base64url-encoded parts separated by dots: Header (algorithm and type), Payload (claims/data), and Signature (verification).
JWTs are used in OAuth 2.0, OpenID Connect, API authentication, single sign-on (SSO), and stateless session management. This tool decodes the header and payload without verifying the signature — useful for debugging and inspection.
🎯 Use Cases
🐛 Debugging Auth
Inspect JWT tokens from your API to debug authentication issues, check claims, and verify expiration times.
⏱ Check Expiration
Quickly see when a token expires (exp claim) and when it was issued (iat claim) in human-readable format.
🔍 API Development
Inspect tokens during API development to verify the correct claims are being set by your auth server.
📚 Learning
Understand JWT structure by seeing how the three parts (header, payload, signature) are encoded and what they contain.
❓ FAQ
Does this tool verify the signature?
No. This tool only decodes and displays the header and payload. Signature verification requires the secret key or public key, which should never be shared in a browser tool.
Is my token safe?
Yes. All decoding happens locally in your browser. Your token is never sent to any server. However, avoid sharing JWT tokens publicly as they may contain sensitive data.
Is this tool free?
Yes, 100% free. No account, no ads.