JWT Decoder

Paste a JSON Web Token to decode and inspect its header, payload, and signature.

How to Use

  1. 1Paste your JWT string into the input field.
  2. 2View the decoded header and payload in formatted JSON.
  3. 3Check the expiration, issued-at, and other standard claims.
  4. 4Optionally verify the signature by providing a secret or public key.

Frequently Asked Questions

Is it safe to paste my JWT into this tool?

Yes. All decoding happens locally in your browser. The token is never transmitted to any server.

Can this tool verify a JWT signature?

It can verify HMAC-based signatures (HS256, HS384, HS512) if you provide the secret. For RSA or ECDSA tokens, you can supply the public key for verification.

What does it mean when a JWT is expired?

The 'exp' claim in the payload indicates when the token becomes invalid. If the current time is past that timestamp, the token is expired and should no longer be accepted by servers.

Related Tools

#

Base64 Encode/Decode

Encode text to Base64 or decode Base64 back to plain text.

 { }

JSON Formatter

Format, validate, and beautify JSON data with syntax highlighting.

 โŒš

Epoch Converter

Convert between Unix timestamps and human-readable dates instantly.