JWT Decoder
Use this decoder to inspect the readable header, claims, and common timestamp fields inside a JSON Web Token while debugging authentication flows.
Compact three-segment JWTs only. Maximum input size: 64 KiB.
Decoded token
Your result will appear here.A focused browser utility
Use this decoder to inspect the readable header, claims, and common timestamp fields inside a JSON Web Token while debugging authentication flows.
Local by default
This tool runs entirely in your browser. There is no account, server-side processing, or input history.
Three quick steps
- Paste a compact JWT with its dot-separated segments or load the safe example.
- Decode the token to view its header, payload, and recognized time claims.
- Review the signature warning and copy only the decoded data you need.
Input and output
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTEyMyIsImlhdCI6MTcwMDAwMDAwMH0.signatureOutput
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"user-123","iat":1700000000}
Signature verified: NoFrequently asked questions
Does decoding a JWT prove that it is valid?
No. Decoding only reveals Base64URL-encoded content. Signature verification requires a trusted key, an allowed algorithm, and claim validation.
Can this tool decrypt a JWE?
No. Encrypted JSON Web Encryption tokens require decryption keys and are different from the three-part signed JWT format handled here.
Is the token sent to a server?
No. The token is decoded in your browser and is not uploaded, logged, or saved by this site.