JWT Decoder & Inspector

Decode JSON Web Tokens and inspect header, payload, claims, and expiry. 100% client-side — your token stays private.

JWT Decoder

Decode and inspect JSON Web Tokens (JWT). Paste a JWT to view its header, payload claims, and signature. This tool does not verify the signature — never trust a token based on this output alone.

JWT Token

FAQ

What is a JWT?▼

A JSON Web Token (JWT) is a compact, URL-safe token that encodes a JSON object. It consists of three Base64url-encoded parts: header, payload, and signature, separated by dots.

Does this tool verify the JWT signature?▼

No. Signature verification requires the secret key or public key used to sign the token. This tool only decodes and displays the contents — never trust payload data without server-side verification.

Is it safe to paste my JWT here?▼

All decoding is done entirely in your browser. Your token is never sent to any server. However, as a best practice, avoid pasting real production tokens into any public online tool.

What algorithms does JWT support?▼

Common algorithms include HS256 (HMAC-SHA256), RS256 (RSA-SHA256), and ES256 (ECDSA). The algorithm is specified in the 'alg' field of the header.

Frequently Asked Questions

Does this tool verify the JWT signature?

No. This tool only decodes the Base64-encoded header and payload. Signature verification requires the secret key and should be done server-side.

What is a JWT token?

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims between two parties. It consists of three Base64url-encoded parts: header (algorithm), payload (claims), and signature.

Is my JWT token sent to a server?

No. All decoding happens in your browser using JavaScript. Your token never leaves your device. Never share JWTs containing sensitive data.