JWT Decoder
Paste a JWT token to instantly decode and inspect the header, payload, and signature. Runs entirely in your browser — nothing is sent to a server.
How to use
- Paste your JWT token into the input field.
- The header and payload are decoded and pretty-printed automatically.
- Click Copy on any panel to copy that section to your clipboard.
Frequently asked questions
Is it safe to paste my JWT into this tool?
Yes. All decoding happens in your browser. Your JWT is never sent to a server. The tool uses only JavaScript's built-in atob() function to decode the Base64url-encoded parts.
What is a JWT?
A JWT (JSON Web Token) is a compact, URL-safe token format used to transmit claims between parties. It consists of three Base64url-encoded parts: header, payload, and signature, separated by dots.
Can this tool verify the JWT signature?
No. Signature verification requires the secret key or public key used to sign the JWT. This tool only decodes the header and payload — it does not validate or verify the signature.
What does the exp claim mean in a JWT payload?
The exp claim is the expiration time, expressed as a Unix timestamp. If the current time is past the exp value, the token is expired. You can use the Unix Timestamp Converter tool to convert it to a human-readable date.
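The decoding and exp check described in the answers above, as an added example (not this tool's own code). The function names and the sample token are constructed for illustration; the Base64url alphabet is mapped to standard Base64 before atob() is called, and the bytes are then decoded as UTF-8 so non-ASCII claims survive.

```javascript
// Added example: decode-only inspection; the signature is NOT verified.

// Base64url -> UTF-8 text. atob() expects the standard alphabet, so map
// '-' and '_' back to '+' and '/' and restore the stripped padding first.
function base64UrlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("not Base64url");
  let b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Helper used only to build the constructed sample token below.
function base64UrlEncode(text) {
  const bytes = new TextEncoder().encode(text);
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Split into header.payload.signature and parse the first two parts as JSON.
function decodeJwt(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const [header, payload] = parts
    .slice(0, 2)
    .map((part) => JSON.parse(base64UrlDecode(part)));
  return { header, payload, signature: parts[2] };
}

// exp is in seconds since the Unix epoch; Date.now() is in milliseconds.
// RFC 7519 treats a token as expired on or after exp.
function isExpired(payload, nowMs = Date.now()) {
  if (typeof payload.exp !== "number") return false; // no exp claim present
  return Math.floor(nowMs / 1000) >= payload.exp;
}

// Constructed sample: the signature part is a placeholder, not a real MAC.
const SAMPLE_TOKEN = [
  base64UrlEncode(JSON.stringify({ alg: "HS256", typ: "JWT" })),
  base64UrlEncode(JSON.stringify({ sub: "user-123", name: "Zoë", exp: 1700000000 })),
  "constructed-signature-not-verified",
].join(".");

const decoded = decodeJwt(SAMPLE_TOKEN);
console.log(decoded.header, decoded.payload, "expired:", isExpired(decoded.payload));
```

The sample decodes even though its signature is a placeholder, which is why decoded claims say nothing about whether a token is authentic.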