JWT Token Decoder & Inspector
Decode and inspect JSON Web Tokens to see the header, payload, and claims. Client-side only -- your tokens stay private.
Runs in your browser. No data leaves your device.
Frequently Asked Questions
How does the JWT Decoder work?
A JWT is three Base64URL-encoded segments separated by dots: header, payload, and signature. The tool splits on the dots, decodes each segment from Base64URL to a UTF-8 string, and parses the header and payload as JSON. Timestamp claims like exp, iat, and nbf are automatically converted to human-readable dates. No secret key is needed because JWTs are encoded, not encrypted.
Is it safe to paste my JWT here?
Yes. The decoding happens entirely in your browser. Your token is never sent to any server. JWTs are base64-encoded (not encrypted), so decoding does not require any secret key.
What information can I see in a JWT?
The header (algorithm and token type), the payload (claims like user ID, email, expiration time, roles), and the signature. The tool formats each section as readable JSON.
Does this verify the JWT signature?
This tool decodes and displays the token contents. It does not verify the signature, as that requires the server's secret key or public key, which should never be shared in a browser tool.