JWT Decoder splits a JSON Web Token into its three parts — header, payload, and signature — and decodes the Base64url-encoded header and payload into readable JSON. Paste a token and instantly inspect its claims: who issued it, who it's for, when it was issued, and when it expires.
The decoder also surfaces useful derived information such as the token's expiration status and human-readable issued-at and expiry times, so you can quickly tell whether a token is still valid.
Key features: decodes header and payload to formatted JSON, shows the signature segment, highlights expiration status, converts iat/exp timestamps to readable dates, and runs entirely client-side.
Important: this tool decodes tokens only — it does not verify the signature. Decoding reveals what a JWT contains, but it does not prove the token is authentic. Never trust a token's claims without verifying its signature on a server using the secret or public key. Because decoding happens entirely in your browser, you can safely inspect tokens that contain sensitive claims — nothing is sent to or logged by any server.
We use cookies for anonymous analytics and ads. Your tool data never leaves your browser.