JWT Decoder

Decode and inspect JSON Web Tokens — header, payload, and signature

What is a JWT Decoder?

A JWT (JSON Web Token) Decoder is a tool that decodes and inspects the three parts of a JWT — the header, payload, and signature — into human-readable JSON. It lets you quickly verify token claims, check expiration times, and debug authentication issues without writing code.

How to Use This JWT Decoder

  1. Paste your JWT into the input area. JWTs look like xxxxx.yyyyy.zzzzz.
  2. The header and payload sections are decoded from Base64url and displayed with syntax highlighting.
  3. Check the expiry info bar for token expiration or issuance timestamps.
  4. Copy decoded JSON from any section using the copy button.
  5. Note: the signature section is displayed raw. Verifying a signature requires the signing secret or public key and is not done client-side.

Common Use Cases

  • Debugging authentication tokens in OAuth 2.0 and OpenID Connect flows.
  • Checking exp, iat, and nbf claims to troubleshoot token expiry issues.
  • Inspecting user roles, permissions, and scopes embedded in the payload.
  • Verifying that a token's alg header matches your expected signing algorithm.
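
The decoding steps and the exp, nbf, iat and alg checks listed above, as an added JavaScript example (not this tool's own code). The names inspectJwt, b64urlToJson and EXPECTED_ALGS, the RS256 expectation and the sample token are assumptions constructed for illustration.

```javascript
// Added example: decode-only inspection. The signature is never verified here.
const EXPECTED_ALGS = ['RS256']; // assumption: the algorithm your application signs with

function b64urlToJson(segment) {
  // Base64url -> Base64: swap the URL-safe characters and restore '=' padding.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  // fatal: true rejects invalid UTF-8 instead of silently substituting characters.
  return JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes));
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000), expectedAlgs = EXPECTED_ALGS) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  }
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const warnings = [];
  if (!expectedAlgs.includes(header.alg)) warnings.push(`unexpected alg: ${header.alg}`);
  // exp, nbf and iat are NumericDate values: seconds since the Unix epoch.
  if (typeof payload.exp === 'number' && nowSeconds >= payload.exp) warnings.push('expired');
  if (typeof payload.nbf === 'number' && nowSeconds < payload.nbf) warnings.push('not yet valid');
  if (typeof payload.iat === 'number' && payload.iat > nowSeconds) warnings.push('issued in the future');
  // The signature stays raw: decoding proves nothing about who issued the token.
  return { header, payload, signature: parts[2], warnings };
}

// Constructed sample token (not a real credential); its signature is a placeholder.
const toB64url = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  toB64url({ alg: 'HS256', typ: 'JWT' }),
  toB64url({ sub: 'user-123', scope: 'read:reports', iat: 1700000000, nbf: 1700000000, exp: 1700003600 }),
  'constructed-signature-placeholder',
].join('.');

console.log(inspectJwt(SAMPLE_TOKEN, 1700000100));
```

The warnings describe only what the token claims about itself; the application still has to verify the signature before trusting any decoded field.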

Frequently Asked Questions

Does this tool verify the JWT signature?
No. This decoder only decodes the token parts; it does not verify the cryptographic signature. Signature verification requires the signing secret or public key and should be done server-side in your application.

Is my token sent to a server?
No. Decoding happens entirely in your browser. Your JWT never leaves your device, making it safe to inspect tokens from production environments.

What algorithms do JWTs support?
JWTs support HMAC (HS256, HS384, HS512), RSA (RS256, RS384, RS512), ECDSA (ES256, ES384, ES512), and RSASSA-PSS (PS256, PS384, PS512). The algorithm is specified in the alg parameter of the token's header.