Back to Developer Tools

JWT Decoder

Decode and inspect JSON Web Tokens. No secret needed — runs entirely in your browser.

About This Tool

Free JWT decoder online — paste any JSON Web Token and instantly decode and inspect the header, payload, and signature in a readable format. 100% client-side: your JWT never leaves your browser. JWT (JSON Web Token) is the standard format for authentication and authorization tokens used by OAuth2, OpenID Connect, and most modern REST APIs. The header identifies the signing algorithm (RS256, HS256, etc.). The payload contains claims: user ID, email, roles, expiry time (exp), issued-at time (iat). The signature verifies authenticity. Developers use this tool to debug login flows, inspect claims returned by an auth provider, check token expiry, and understand what data the backend is reading from a token — without writing a single line of code.

How to Use

  1. 1

    Paste your JWT

    Copy a JWT (the three dot-separated Base64 strings) and paste it into the input field.

  2. 2

    Inspect the decoded parts

    See the Header (algorithm and type), Payload (claims and data), and Signature (the verification hash) displayed as formatted JSON.

  3. 3

    Check claims

    Look at exp (expiry), iat (issued at), and sub (subject/user ID) to verify the token is valid and contains the expected data.

Frequently Asked Questions

Can the JWT decoder verify the signature?+
Not without the secret or public key. The decoder shows the decoded header and payload but cannot cryptographically verify the signature without the signing key. For signature verification, use your server-side JWT library.
Is it safe to paste my JWT here?+
For development/test tokens, yes — everything runs in your browser. For production tokens with real user data, be aware that JWTs contain unencrypted claims (only encoded in Base64, not encrypted). Treat production JWTs as sensitive credentials.
What does exp mean in a JWT payload?+
exp is the "Expiration Time" claim — a Unix timestamp (seconds since Jan 1, 1970) after which the token is no longer valid. A token with exp: 1720000000 expires at that specific date and time.

Related Tools

Base64 Decoder

Try it free →

JSON Formatter

Try it free →

SHA Hash Generator

Try it free →

AES Encryption

Try it free →