JWT Decoder
Decode JSON Web Tokens and inspect header, payload, and signature. Shows expiration status. Runs 100% in your browser — nothing is sent anywhere.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe format for representing claims between two parties. It consists of three Base64URL-encoded parts separated by dots: header (algorithm and token type), payload (claims like user ID and expiration), and signature (ensures the token hasn't been tampered with).
Security note
Decoding a JWT does NOT verify it. Anyone who intercepts a JWT can read its payload — that's why sensitive data should not be placed in the payload. Verification requires the signing key, which should never leave your backend. This tool only decodes for inspection; it does not validate signatures.