JWT Decoder
Decode and inspect JWT tokens β header, payload, and signature.
What the JWT Decoder does
A JSON Web Token (JWT) is a compact, URL-safe token made of three Base64URL-encoded parts separated by dots: a header, a payload, and a signature. This decoder splits the token, decodes the header and payload back into readable JSON, and displays the raw signature so you can inspect exactly what a token contains. It also reads the standard exp claim, if present, and tells you whether the token is still valid or has already expired.
It is built for developers and testers working with authentication systems, APIs, and single sign-on flows who need to quickly see the claims inside a token, such as the subject, issuer, audience, or expiry time, without pulling out a command-line tool.
How to use it
Paste a JWT into the text box and press Decode. The tool separates the token into its three parts and shows the decoded header and payload as formatted JSON, along with the signature string. If the token does not have exactly three dot-separated parts, or a part cannot be decoded, you will see a clear error message instead.
When the payload includes an exp (expiration) claim, a coloured banner reports whether the token is still valid and until when, or that it has expired and when. The exp value is interpreted as seconds since the Unix epoch, which is the JWT standard.
Important note on verification
This tool decodes tokens; it does not verify their signatures. Decoding only reveals the contents and never proves that a token is authentic or untampered, because the signature can only be validated with the secret or public key that issued it. Never trust a decoded payload as proof of identity in a production system without verifying the signature server-side.
Because decoding happens entirely in your browser, your token is never sent to any server. Even so, treat JWTs as sensitive: they often grant access, so avoid pasting live production tokens into any tool you do not control, and prefer expired or test tokens when inspecting.