JWT Decoder
Decode and inspect JWT tokens.
Paste a JWT to decode its header and payload as readable JSON. The token is decoded locally in your browser — it is never sent anywhere, and the signature is not verified.
Decoding only reads the token — it does NOT verify the signature. Never paste secret or production tokens.
Your input is processed locally in your browser — nothing is uploaded, stored or logged.
Saved you time?Buy me a coffee
How it works
- 1 Paste your JWT.
- 2 The header and payload are decoded live.
- 3 Copy either section as JSON.
Common use cases
- Inspect the claims in a token.
- Check expiry and issued-at times.
- Debug authentication during development.
- See which algorithm a token uses.
Frequently asked questions
Is my input sent to a server?
No. Everything runs locally in your browser — your input is never uploaded, stored or logged.
Does this verify the signature?
No. Decoding only reads the header and payload — it does NOT verify the signature, so never trust a decoded token for security decisions.
Is my token uploaded?
No. The token is decoded entirely in your browser and is never sent to a server.
Is it really free?
Yes — free, with no signup and no limits.