Security

JWT Decoder

Use this decoder to inspect the readable header, claims, and common timestamp fields inside a JSON Web Token while debugging authentication flows.

Your data never leaves this browser
Local only

Compact three-segment JWTs only. Maximum input size: 64 KiB.

Decoded token

Ready
Your result will appear here.
What this tool does

A focused browser utility

Use this decoder to inspect the readable header, claims, and common timestamp fields inside a JSON Web Token while debugging authentication flows.

Built for privacy

Local by default

This tool runs entirely in your browser. There is no account, server-side processing, or input history.

How to use

Three quick steps

  1. Paste a compact JWT with its dot-separated segments or load the safe example.
  2. Decode the token to view its header, payload, and recognized time claims.
  3. Review the signature warning and copy only the decoded data you need.
Example

Input and output

Input

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTEyMyIsImlhdCI6MTcwMDAwMDAwMH0.signature

Output

Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"user-123","iat":1700000000}
Signature verified: No
Common questions

Frequently asked questions

Does decoding a JWT prove that it is valid?

No. Decoding only reveals Base64URL-encoded content. Signature verification requires a trusted key, an allowed algorithm, and claim validation.

Can this tool decrypt a JWE?

No. Encrypted JSON Web Encryption tokens require decryption keys and are different from the three-part signed JWT format handled here.

Is the token sent to a server?

No. The token is decoded in your browser and is not uploaded, logged, or saved by this site.

Keep working