JWT Decoder

Decode and inspect JWT tokens — view header, payload, claims, expiry, and signature info without a secret key.

About JWT Decoder

JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims between two parties. A JWT consists of three Base64url-encoded parts separated by dots: the header (algorithm and token type), the payload (the claims, which are the actual data), and the signature (an HMAC or digital signature computed over the first two parts, not a hash of them). Base64url is an encoding, not a cipher, so this decoder reveals the header and payload instantly without needing any key. What it cannot do is verify the signature, which requires the secret or public key: the claims are always readable, but decoding alone never proves they are genuine.

Common registered claims include: iss (issuer), sub (subject/user ID), aud (audience), exp (expiration time), iat (issued at), nbf (not before), and jti (JWT ID). The time claims are Unix timestamps in seconds, not milliseconds. This decoder shows all claims, with human-readable dates for exp, iat and nbf, making it easy to check whether a token is expired or to inspect the roles or scopes it asserts. Keep in mind that a claim is only an assertion made by whoever minted the token; whether it grants anything is decided by the server that verifies the signature.

Important: JWTs are encoded, not encrypted. A signed JWT (JWS, the common kind) protects integrity only; its payload is visible to anyone who obtains the token, including anyone who can read your logs, browser storage, or proxy captures. Never store sensitive data (passwords, card numbers, personal data beyond what the consumer needs) in a JWT payload. Use encrypted JWTs (JWE) if you need confidentiality, and remember that JWE hides the content from outsiders, not from the intended recipient.
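The decoding described above, as an added example in plain JavaScript (this is illustrative code, not the tool's own source). It splits the token, restores the Base64url padding, parses the JSON header and payload, renders exp/iat/nbf as ISO dates, and reports the raw signature length, but it never verifies anything. The sample token, the `unsignedToken` helper and the `decodeJwt` name are constructed for this example. It needs `atob`/`btoa` and `TextEncoder`/`TextDecoder`, which every browser and Node 16+ provide; the `Buffer` fallbacks cover older Node.

```javascript
// Added example (not the tool's own source): a minimal in-browser JWT decoder.
// It decodes and inspects a token; it does NOT verify the signature.

const fromBase64 = (s) =>
  typeof atob === 'function' ? atob(s) : Buffer.from(s, 'base64').toString('binary');
const toBase64 = (s) =>
  typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'binary').toString('base64');

// base64url (RFC 4648 section 5): '-' and '_' instead of '+' and '/', no '=' padding.
function base64urlToBytes(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(fromBase64(padded), (c) => c.charCodeAt(0));
}

function base64urlFromString(str) {
  const bytes = new TextEncoder().encode(str); // JWT JSON is UTF-8
  const bin = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
  return toBase64(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

const TIME_CLAIMS = ['exp', 'iat', 'nbf'];

// Decode header and payload and summarise the time claims. `now` is seconds
// since the epoch; it is a parameter so the expiry check is reproducible.
function decodeJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated segments, got ${parts.length}`);
  }
  const [h, p, s] = parts;
  const utf8 = new TextDecoder('utf-8');
  const header = JSON.parse(utf8.decode(base64urlToBytes(h)));
  const payload = JSON.parse(utf8.decode(base64urlToBytes(p)));

  const times = {};
  for (const claim of TIME_CLAIMS) {
    if (typeof payload[claim] === 'number') {
      times[claim] = new Date(payload[claim] * 1000).toISOString(); // seconds -> ms
    }
  }
  return {
    header,
    payload,
    times,
    expired: typeof payload.exp === 'number' && now >= payload.exp,
    notYetValid: typeof payload.nbf === 'number' && now < payload.nbf,
    // Raw signature length: 32 bytes for HS256, 64 for ES256, 256 for RS256
    // with a 2048-bit key, 0 for an unsigned ("alg":"none") token.
    signatureBytes: base64urlToBytes(s).length,
  };
}

// Build an unsigned ("alg":"none") token for demonstration. A decoder reads it
// just as happily as a signed one, which is exactly why decoding proves nothing.
function unsignedToken(payload, header = { alg: 'none', typ: 'JWT' }) {
  return `${base64urlFromString(JSON.stringify(header))}.${base64urlFromString(JSON.stringify(payload))}.`;
}

// Constructed sample: header {"alg":"HS256","typ":"JWT"},
// payload {"sub":"1234567890","name":"John Doe","iat":1516239022}, 32-byte tag.
const SAMPLE_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.' +
  'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';

console.log(JSON.stringify(decodeJwt(SAMPLE_TOKEN), null, 2));
```

Two details are worth noticing. The padding is restored before calling `atob`, because JWT segments are always emitted without `=` and some Base64 decoders reject unpadded input. And the `alg: none` token decodes with `signatureBytes` of 0 and otherwise looks like any other token, so "it decoded fine" is never evidence of anything.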

FAQ

Can I verify the JWT signature with this tool?
No. Signature verification requires the secret key (for HMAC algorithms like HS256) or the public key (for RSA/ECDSA algorithms like RS256 and ES256), and this tool only decodes the header and payload. To verify signatures, use your application code or a server-side JWT library, and configure it with the algorithm and key you expect rather than letting the token's own alg header decide. A verifier that trusts the header can be talked into accepting an unsigned token ("alg":"none") or into checking an RSA-signed token as an HMAC keyed with the public key.
What does "JWT expired" mean?
The exp (expiration) claim holds a NumericDate: seconds since the Unix epoch. If the current time is past that timestamp, the token is expired and should be rejected by the server. Most JWT libraries check expiry automatically, usually allowing a small leeway (seconds to a minute) for clock skew between the issuer and the verifier. This decoder shows the expiry time in human-readable format so you can check at a glance; that check is advisory only, since an expired token still decodes and an unexpired one can still be forged.
Is it safe to paste my JWT here?
This tool runs entirely in your browser; no data is sent to any server. However, treat production JWTs like passwords: a JWT is normally a bearer token, so anyone who obtains it can use it until it expires or is revoked. For sensitive tokens, test with a non-production token or create a sample token specifically for debugging.