Paste a JWT token above to decode it.
Paste a JWT token above to decode it.
JWT Decoder
Decode JSON Web Tokens instantly — inspect the header algorithm, payload claims, expiry timestamps, and raw Base64URL signature. All processing stays in your browser; nothing is ever sent to a server.
JWT Decoder Use Cases
- Inspect authentication tokens during local API development and debugging
- Check token expiry and standard claim values (iss, sub, aud) at a glance
- Teach JWT structure and the role of header, payload, and signature sections
- Troubleshoot authorization failures by examining custom claims in the payload
JWT Decoder FAQ
Is my JWT sent to a server?
No. All decoding happens entirely in your browser. Your token never leaves your device, making this tool safe to use with real authentication tokens.
Does this tool verify the signature?
No. Signature verification requires the secret key or public key. This tool decodes and displays the payload only — use your server-side library to verify authenticity.
What JWT algorithms are supported?
The decoder handles any standard three-part JWT regardless of algorithm (HS256, RS256, ES256, etc.), since it only decodes the Base64URL-encoded content without verifying the signature.
Can I decode large JWTs or token batches?
Inputs exceeding 500KB are automatically offloaded to a Web Worker, keeping the UI thread responsive even for unusually large tokens or test payloads.