JWT Decoder

Security

Decode and inspect JWT header, payload, and signature without a secret. Displays claims, expiry, algorithm, and validates structure. Works entirely in your browser.

All decoding and verification happens entirely in your browser — tokens, secrets and keys never leave your device.

JWT Token

Paste to auto-decode · signature verified separately

Paste a JWT and click Decode

The header, payload claims, and signature will be displayed here. Supports HS256/384/512 · RS256/384/512 · PS256/384/512 · ES256/384/512.

About JWT Decoder

JSON Web Tokens (JWTs) are compact, URL-safe tokens widely used for authentication and information exchange. This decoder reveals the base64url-decoded header and payload instantly, helping developers debug authentication flows, inspect claims, and verify token structure—without needing the signing secret.

Features

✓Decode JWT header to reveal algorithm and token type
✓Decode payload and display all claims with labels
✓Parse and format registered claims (iss, sub, exp, iat, nbf, aud)
✓Human-readable expiry and issued-at timestamps
✓Highlight expired tokens with visual warnings
✓Color-coded JSON output for readability
✓Works with HS256, RS256, ES256, and other algorithm families
✓Paste directly from browser Alpha DevTools or curl output

Common Use Cases

Debugging authentication issues in web and mobile apps
Inspecting third-party OAuth tokens for claim values
Checking token expiry during development
Verifying the algorithm used in a token before trusting it
Explaining JWT structure in code reviews or documentation

Frequently Asked Questions

QDoes decoding verify the signature?

No. Decoding only base64url-decodes the header and payload. Signature verification requires the secret or public key and should only be done server-side.

QIs it safe to paste my JWT here?

JWTs contain user claims—avoid pasting production access tokens. The tool runs entirely client-side, but best practice is to use test tokens when exploring.

QWhy are some claims showing numbers?

Registered claims like 'exp' and 'iat' are Unix timestamps (seconds since 1970-01-01). The decoder converts these to human-readable date/time strings.

JWT Decoder

Security

Decode and inspect JWT header, payload, and signature without a secret. Displays claims, expiry, algorithm, and validates structure. Works entirely in your browser.

All decoding and verification happens entirely in your browser — tokens, secrets and keys never leave your device.

JWT Token

Paste to auto-decode · signature verified separately

Paste a JWT and click Decode

The header, payload claims, and signature will be displayed here. Supports HS256/384/512 · RS256/384/512 · PS256/384/512 · ES256/384/512.

About JWT Decoder

Features

✓Decode JWT header to reveal algorithm and token type
✓Decode payload and display all claims with labels
✓Parse and format registered claims (iss, sub, exp, iat, nbf, aud)
✓Human-readable expiry and issued-at timestamps
✓Highlight expired tokens with visual warnings
✓Color-coded JSON output for readability
✓Works with HS256, RS256, ES256, and other algorithm families
✓Paste directly from browser Alpha DevTools or curl output

Common Use Cases

Debugging authentication issues in web and mobile apps
Inspecting third-party OAuth tokens for claim values
Checking token expiry during development
Verifying the algorithm used in a token before trusting it
Explaining JWT structure in code reviews or documentation

Frequently Asked Questions

QDoes decoding verify the signature?

No. Decoding only base64url-decodes the header and payload. Signature verification requires the secret or public key and should only be done server-side.

QIs it safe to paste my JWT here?

JWTs contain user claims—avoid pasting production access tokens. The tool runs entirely client-side, but best practice is to use test tokens when exploring.

QWhy are some claims showing numbers?

Registered claims like 'exp' and 'iat' are Unix timestamps (seconds since 1970-01-01). The decoder converts these to human-readable date/time strings.

JWT Decoder

Related Tools

About JWT Decoder

Features

Common Use Cases

Frequently Asked Questions

See Also

JWT Decoder

Related Tools

About JWT Decoder

Features

Common Use Cases

Frequently Asked Questions

See Also