JWT Decoder
Paste a JSON Web Token to decode and inspect its header and payload.
About JWT Decoder
JSON Web Tokens (JWTs) are a compact, URL-safe way to represent claims between parties — widely used for authentication in web and mobile apps. This JWT Decoder lets you paste any JWT and instantly see the decoded header, payload, and expiration time without needing a private key.
The tool displays all claims in a readable format, highlights the token's expiration (exp), issued-at (iat), and subject (sub) fields, and warns you if the token is already expired. It decodes both header and payload sections from Base64url encoding.
Note: this tool only decodes the token — it does not verify the signature. Use it for debugging and inspection, not signature validation.
Features
- ✓Decode JWT header and payload sections
- ✓Display all claims in a formatted, readable view
- ✓Expiration status indicator (valid vs expired)
- ✓Shows iat, exp, sub, and all custom claims
- ✓100% client-side — token never leaves your browser
Common Use Cases
- →Debugging authentication tokens during development
- →Inspecting what claims an API server is returning
- →Checking token expiration without server-side tools
- →Understanding the structure of OAuth 2.0 access tokens
Frequently Asked Questions
Is it safe to paste my JWT here?
All decoding happens in your browser — nothing is sent to any server. Still, avoid pasting production tokens with sensitive data in untrusted environments.
Can this tool verify the JWT signature?
No. Signature verification requires the secret key or public certificate. This tool only decodes the Base64url-encoded claims.
Why is my JWT showing as expired?
JWTs contain an 'exp' claim (Unix timestamp). If the current time is past that timestamp, the token has expired and must be refreshed.