JWT Decoder

Decode and inspect JSON Web Tokens.

The decoded header and payload will appear here.

About the JWT Decoder

Decode and inspect JSON Web Tokens locally. Paste a JWT to see its header and payload claims in readable JSON — handy for debugging auth flows. Tokens are decoded in your browser and never sent anywhere.

How to use it

  1. 1Paste a JWT (the xxxxx.yyyyy.zzzzz string).
  2. 2Read the decoded header and payload, including standard claims.
  3. 3Check expiry and issuer while you debug.

Frequently asked questions

Does this verify the token's signature?
No — it decodes and displays the contents for inspection. It does not validate the signature, and your token never leaves your browser.
Is it safe to paste a real token?
Decoding happens entirely client-side, but treat any live token as a secret and avoid sharing your screen.