JWT Decoder
Decode JWT tokens and inspect header, payload, and signature. Expiry countdown, claim explanations, and field copying.
Paste a JWT token and click Decode JWT to inspect its contents.
About This Tool
JWT (JSON Web Token) is a compact, URL-safe means of representing claims between two parties. It's widely used for authentication, authorization, and information exchange in web applications and APIs. This tool lets you decode and inspect JWT tokens directly in your browser.
How It Works: A JWT consists of three Base64Url-encoded parts separated by dots: header.payload.signature. The header describes the token type and signing algorithm. The payload contains the claims (data). The signature verifies the token hasn't been tampered with.
Token Expiry: If the token contains an exp (expiration) claim, the tool shows a countdown or a red warning if the token has expired. Standard claims like iat, sub, iss are explained inline.
Privacy & Security: All decoding happens entirely in your browser using JavaScript. Your JWT tokens are never sent to any server, logged, or stored. However, never paste real production tokens on untrusted or shared computers — the decoded data may contain sensitive user information.
Common Uses: JWTs are used by OAuth 2.0, OpenID Connect, Firebase Auth, Auth0, and countless custom authentication systems. Developers use this decoder to debug token payloads, verify claim values, and check token expiration during development and testing.