JWT Decoder
Decode JSON Web Tokens locally in your browser. Inspect the header, payload, and signature. Tokens never leave your device.
Decoded entirely in your browser. Nothing is sent to a server.
What is a JWT Decoder?
A JWT decoder splits a JSON Web Token into its three base64url-encoded parts (header, payload, signature) and decodes the first two so you can read the claims inside. This decoder runs entirely in your browser so sensitive tokens never travel across the network.
FAQs
Does this verify the signature?
No. Decoding shows you what is inside a token, but verification requires the issuer's signing key. This tool intentionally stays client-side, so it cannot fetch keys.
Is it safe to paste production tokens?
The decoding happens in JavaScript inside your browser tab. Nothing is sent to any server. Still, treat JWTs as secrets, and close the tab when you're done.
What do iat, exp, nbf mean?
Standard JWT claims for issued-at, expiry, and not-before, in seconds since epoch. If exp is present, this decoder shows a human-readable date and an expired / valid badge.