JWT Decoder
Decode and inspect JWT tokens. View header and payload as formatted JSON, check expiration time, and see if the token is expired. All decoding happens in your browser—no tokens are stored or transmitted.
Understanding JWT Tokens
JSON Web Tokens (JWT) are a compact way to represent claims between two parties. A JWT has three parts separated by dots: header, payload, and signature. The header and payload are Base64url-encoded JSON objects. Our decoder parses these so you can inspect the contents without running custom scripts.
Header and Payload
The header usually contains the algorithm (e.g., HS256 or RS256) and token type. The payload holds claims such as sub (subject), exp (expiration), and iat (issued at). The exp claim is a Unix timestamp—we display it in ISO format and indicate whether the token is expired.
Security Note
This tool only decodes the token; it does not verify the signature. Never trust decoded claims without signature verification in a secure environment. Avoid pasting production tokens into unknown tools—this tool runs entirely in your browser, but exercise caution with sensitive data.
Related Tools
- Base64 Encoder/Decoder — Encode and decode Base64 strings.
- JSON Formatter — Format and validate JSON.
- All Free Tools — Developers, calculators, and utilities.