JWT Decoder
Decode and inspect JSON Web Tokens (JWT) instantly. View header, payload, and signature without verification.
Features
- ✓Decode JWT header and payload instantly
- ✓View expiration and issued-at timestamps
- ✓Check if token is expired
- ✓Display all claims in formatted JSON
- ✓Copy decoded sections with one click
- ✓Works offline - your tokens stay private
How to Use
- 1Paste your JWT token in the input field
- 2View the decoded header showing algorithm and type
- 3Inspect the payload with all claims formatted
- 4Check expiration status and timestamps
- 5Copy any section to your clipboard
Examples
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Output
Header: { "alg": "HS256", "typ": "JWT" }
Payload: { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 }Input
A JWT with exp claim shows expiration status
Output
Expires: 2024-12-31 23:59:59 Status: Valid (not expired)
What is a JWT Decoder?
JSON Web Tokens (JWT) are a compact, URL-safe way to represent claims between two parties. They are widely used for authentication and information exchange in web applications. A JWT consists of three parts: a header, a payload, and a signature, each encoded in Base64URL format and separated by dots.
The header typically contains the token type (JWT) and the signing algorithm (like HS256 or RS256). The payload contains claims - statements about the user and additional metadata. Standard claims include iss (issuer), sub (subject), exp (expiration), iat (issued at), and custom claims specific to your application.
A JWT decoder parses the token and displays its contents in a readable format. This is useful for debugging authentication issues, inspecting token claims, and understanding what data your tokens contain. Note that decoding is different from verification - anyone can decode a JWT, but only the server with the secret key can verify its authenticity.
Our JWT decoder extracts and formats the header and payload as JSON, making it easy to read the claims. It also interprets timestamp claims like exp and iat, converting Unix timestamps to human-readable dates. The tool shows whether the token has expired based on the current time.
Since JWTs often contain sensitive information like user IDs, roles, and permissions, privacy is important. This decoder runs entirely in your browser - your tokens are never sent to any server. This makes it safe to decode production tokens without risk of exposure.