JWT Decoder
Decode and inspect JSON Web Tokens. View header, payload and expiration status.
About JWT Decoder
Paste any JSON Web Token and instantly see its decoded header (algorithm, type) and payload (claims) as readable JSON. Automatically checks the exp claim and shows whether the token is valid or expired. Displays issued-at and expiry timestamps in human-readable format. Tokens are decoded entirely in your browser — never transmitted to a server.
All processing happens entirely in your browser using modern web APIs. Nothing is uploaded to our servers — your data stays local and private. Free to use forever.
Common use cases
- Debugging authentication issues by inspecting JWT claims in development
- Checking token expiry without needing a server or JWT library
- Verifying the algorithm and key type used in a JWT header
- Reading user roles, permissions, or custom claims from an access token
- Investigating JWTs from third-party OAuth providers
How it works
A JWT consists of three Base64URL-encoded parts separated by dots: header.payload.signature. This tool splits on the dots, decodes each part with atob() (handling Base64URL padding), and parses the JSON. The signature is displayed but not verified — signature verification requires the secret or public key, which should never be shared client-side.