Decode JSON Web Tokens

A free online JWT decoder that runs in your browser. Paste a JSON Web Token and the tool splits it into the three base64url segments (header, payload, signature), decodes each, and renders the JSON. Above the output, status pills show "well-formed", the algorithm from the header, and the validity window — green if currently valid, yellow if before nbf, red if past exp. Below, registered claims (iss, sub, aud, exp, nbf, iat, jti) are listed with their RFC 7519 meanings; iat/exp/nbf are also formatted as ISO timestamps.

How to use

1
Paste your JWT

Three base64url-encoded segments separated by dots.

2
Read header + payload

Decoded JSON is shown on the right.

3
Check the status pills

alg, validity window, exp/nbf countdowns.

4
Inspect registered claims

Each well-known claim is explained inline.

🔥 Trending right now
🗣️ Text to Speech Video Enhancer ✂️ Trim Audio Audio Enhancer 🎭 Voice Changer 🎙️ Vocal Remover 🎬 Create Video from Audio 🎬 Trim Video

Inspect JWT header, payload, expiry, and registered claims — without verifying

Header header

        
 
 
Payload payload

            

        
 
  
      
 
Heads up: this tool only DECODES the JWT — it does NOT verify the signature. Anyone can craft a JWT with arbitrary contents. Use it to inspect what a token CLAIMS, not to trust it. Real verification needs the server-side secret or the issuer's JWKS.


 
 
 
 
 
 
Don't know what to try?
 
400+ free tools — open a surprise
 
 
                🎲 Surprise me
             
 
 
 
 
Features
 
 Three-segment parse  Validity pill  Registered claim hints  Human-readable timestamps  Bad-input friendly  Honest about scope 
 



 
 
Common uses
 
     
  • Inspect an Authorization Bearer token from a curl response.
    •  
  • Debug an "exp expired" 401 from your backend.
    •  
  • Look up the audience claim of a token issued by your identity provider.
    •  
  • Confirm the iat timestamp to find when a session was minted.
    •  
 
 
 
Why use this one
 
Most browser JWT decoders show a verify field that pretends to validate signatures — but they need your server secret to do it. We don't take secrets and we don't pretend. The tool is honest about being decode-only and surfaces validity timing without false sense of security.
 
 


 
Frequently asked questions
 
 
  
Does it verify the signature?
   
No. Verification requires the server's secret (for HS algorithms) or the issuer's public key (for RS / ES / EdDSA). Both are server-side concerns — never enter your secret into a third-party tool.
 
 
  
Is JWT decoding safe in the browser?
   
Yes — decoding is just base64url + JSON.parse. The tool never sends the token anywhere. Just remember decoded ≠ verified.
 
 
  
What if my JWT has extra dots?
   
A standard JWT has exactly three segments. JWE (encrypted) has five segments and looks similar; this tool will surface "Invalid JWT" because it doesn't support JWE decryption (would need recipient keys).
 
 
  
Why does the validity show green when I know the token is expired upstream?
   
The pill compares the token's exp claim against your browser's clock. If your clock is wrong, the pill is wrong. Check the actual exp value below.
 
 
  
Non-registered claims?
   
Any custom claims (role, scope, tenant, etc.) appear in the Payload pane. Only the seven RFC 7519 registered claims get an explanation block.
 
 
  
Mobile?
   
Yes. Paste, read, copy.
 
 




 
💡 Want us to improve this tool just for you?
 
We can — and it's free! Just send us a quick message with your idea. If you'd like to discuss it in detail, leave your email and we'll get back to you. You can stay anonymous.
 



 
You May Also Like
 
  🔤 Base64   # Hash Generator   🔎 Regex Tester   🔗 URL Encoder   🆔 UUID Generator  



 
 
 
 
How do you rate this tool?
 
 
      
 
  Thank you for your rating! 
 
   
 
Want to share more? Leave a comment!
 
 
                                
                
 
 
    
 
 
 
            Thank you! Your comment will appear after moderation.
        
  





 
Who is this tool for?
 
  💻
            Developers & IT Pros
         


 


  

  
        Published