Decode JSON Web Tokens to inspect header, payload, and expiration status. Runs entirely in your browser — no data sent to any server.
JSON Web Tokens are widely used for authentication and authorization in modern web applications. This free JWT decoder lets you paste any token and instantly see its decoded header (algorithm and type) and payload (claims and data) without needing to write any code or install any tools.
Every JWT consists of three parts separated by dots: the header (specifying the algorithm), the payload (containing the claims), and the signature (for verification). This tool decodes the first two parts and checks whether the token has expired based on the exp claim, helping you quickly debug authentication issues.
A JWT is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three Base64-encoded parts: header, payload, and signature.
No. Decoding simply reads the header and payload, which are Base64-encoded and not encrypted. Verification checks the signature against a secret or public key to confirm the token hasn't been tampered with.
The payload contains claims — statements about the user and metadata. Common claims include sub (subject), iat (issued at), exp (expiration time), and custom application-specific data.