JWT Decoder

Decode and inspect JWT tokens instantly. Tokens never leave your browser.

How to Use

1
Paste your JWT

Paste a `xxxxx.yyyyy.zzzzz` token into the input area.

2
Auto-decode

Header and payload are decoded as JSON live; standard claims (exp, iss, aud, sub, iat) are highlighted.

3
Copy or inspect

Copy any JSON section, or check expiration time instantly to gauge validity.

FAQ

Does it verify the signature?

No. This tool only decodes. Signature verification requires the issuer's secret key, which cannot be safely handled client-side.

Is my token safe?

Yes — decoding happens entirely in your browser; the token is never sent to a server. As a general best practice, avoid pasting production tokens into any external tool.

Are JWTs encrypted?

No. Standard JWTs are only base64url-encoded, so anyone can decode them. Never put sensitive data in the payload.

Can I decode expired tokens?

Yes — decoding always works. If `exp` is present, the tool shows whether the token is expired.

Which algorithms are supported?

Decoding is algorithm-agnostic (signature only depends on it). All standard JWTs (HS256, RS256, ES256, etc.) are parsed.

Related Tools

🔐
Hash Generator (MD5/SHA) Generate MD5, SHA-1, SHA-256, SHA-512 hashes from text or files.
🌐
HTML Encoder/Decoder Two-way HTML entity encoding (&, <, >, &) with named, numeric, and ASCII-only options.
🔣
URL Encoder/Decoder Percent-encode or decode URLs and query strings.
⏰
Cron Expression Parser Translate cron into plain English and preview the next 5 runs.