JWT Decoder
Decode JWT header and payload. Inspect claims without leaving your browser.
Runs entirely in your browser — files never uploaded
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "1234567890",
"name": "Jane Doe",
"iat": 1516239022
}Issued at (iat)1/18/2018, 1:30:22 AM
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
We do not verify the signature — that requires the secret/public key, which never belongs in a browser tool.
How to use JWT Decoder
- 1. Paste your JWT. Drop in any JWT — the three dot-separated parts will be split automatically.
- 2. Read the header & payload. Decoded JSON appears side-by-side. Common claims (iat, nbf, exp) are also shown as human dates.
FAQ
Does this verify the signature?
No. Verification requires the secret or public key — those should never leave your server. We only decode the header and payload.
Is my JWT sent anywhere?
No. Decoding happens entirely in your browser. Your token, including the signature, never touches our servers.
What if my JWT is encrypted (JWE)?
We only decode standard JWS tokens. Encrypted JWEs need the decryption key and aren't supported by browser-only tools.
Related tools
Advertisement