Security Tools
Browser-only tool

JWT Decoder

Inspect JWT header, payload, expiration, and issued-at timestamps locally.

Decode JWT

Header
Payload

Expiration: Not present

Issued at: Not present

How it works

  • The token is split into header and payload sections.
  • Each section is Base64URL decoded and parsed as JSON.
  • Signatures are not verified by this decoder.

FAQ

Does this validate the JWT?

No. It decodes only and does not verify the signature.

Should I paste production tokens?

Avoid pasting sensitive production tokens unless you understand the risk.