JWT Decoder
This JWT decoder lets you inspect JSON Web Tokens in your browser. View header, payload, signature, expiration status, and claims instantly.
About JWT Decoder
The JWT Decoder is a free browser-based tool that lets developers instantly inspect the contents of any JSON Web Token. Simply paste a JWT into the input field, and the tool breaks it down into its three components: header, payload, and signature.
Header and Payload Inspection
The decoded header reveals the token's algorithm and type, while the payload section displays all claims in a pretty-printed, syntax-highlighted format. Common claims like "iss" (issuer), "sub" (subject), "aud" (audience), and "iat" (issued at) are easy to spot at a glance. If you need to format or validate the payload JSON separately, paste it into the JSON Formatter.
Expiration Checking
One of the most useful features is automatic expiration checking. The tool reads the "exp" claim and compares it against your current system time, clearly indicating whether the token is still valid or has expired. It also shows the "iat" (issued at) timestamp in a human-readable format, so you can quickly understand the token's lifecycle. Need to convert a Unix timestamp from the payload? Use the Unix Timestamp Converter.
Copy and Inspect
Each decoded section includes a copy button, making it easy to grab the header or payload JSON for use in other tools or documentation. The syntax highlighting uses distinct colors for keys, strings, numbers, and booleans to help you visually parse complex payloads.
All processing happens entirely in your browser. No data is ever sent to a server, making this tool safe for inspecting tokens that contain sensitive information such as user IDs, roles, or permissions. This is a decode-only tool and does not perform signature verification, which requires access to the signing key and should always be done server-side.
Frequently Asked Questions
What is a JWT and what are its three parts?
A JSON Web Token (JWT) consists of three Base64URL-encoded parts separated by dots. The header specifies the signing algorithm, the payload contains the claims (data), and the signature is used to verify the token's integrity. This tool decodes the header and payload so you can inspect the claims inside any JWT.
Can this tool verify JWT signatures?
No. Signature verification requires the secret key or public key used to sign the token, which cannot be safely handled in a browser. This tool decodes and displays the token contents for inspection and debugging purposes only. For production signature verification, use a server-side library.
Is it safe to paste my JWT into this tool?
Yes. All decoding happens entirely in your browser using JavaScript. Your token is never transmitted to any server. However, you should still avoid sharing JWTs publicly since they may contain sensitive claims such as user IDs or permissions.
How do I check if a JWT has expired?
After decoding, the tool reads the "exp" (expiration) claim from the payload and compares it to the current time. It displays whether the token is still valid or has expired, along with the exact expiration date and how much time remains or has passed since expiry.