JWT Decoder

Header
Payload

Free Online JWT Decoder

Decode JSON Web Tokens (JWTs) instantly in your browser. Paste a token to inspect the header, payload claims, algorithm, and expiry status — with human-readable times for iat, exp, and nbf.

No signup or server upload. Decoding runs locally on your device so tokens never leave your browser. This tool reads claims only; it does not verify signatures.

How to use

  1. Paste a JWT (with or without a Bearer prefix) into the token field.
  2. Click Decode, or wait for auto-decode as you type.
  3. Inspect the header and payload JSON panels.
  4. Review expiry status and claim times in the summary chips.

What a JWT contains

  • Header — algorithm (alg) and token type (typ)
  • Payload — claims such as sub, iss, aud, iat, exp
  • Signature — cryptographic proof (shown as-is, not verified here)

Common use cases

  • Debug OAuth / OIDC access and ID tokens
  • Check whether a token is expired before calling an API
  • Inspect custom claims from auth providers
  • Convert iat / exp Unix times to readable dates

Frequently asked questions

Does this verify the JWT signature?

No. Decoding only Base64URL-parses the header and payload. Verifying a signature requires the issuer’s secret or public key and is intentionally out of scope for this decoder.

Is it safe to paste production tokens?

Processing stays in your browser, but treat tokens as secrets. Prefer sample or expired tokens when possible, and avoid pasting long-lived production credentials on shared devices.

Why does the sample token show as expired or valid?

Status depends on the exp claim compared with the current time on your device. The sample includes an exp far in the future so you can see a valid state.

Can I convert claim timestamps separately?

Yes. Use the Unix Timestamp Converter for dedicated epoch conversions.