JWT Decoder
A JSON Web Token packs three base64url parts — header.payload.signature — separated by dots. This tool splits and decodes the first two so you can see exactly what a token carries.
How to use it
- Paste a token (or click Load sample).
- Read the Header (algorithm and type) and Payload (the claims).
- Scan the Claims table: registered time claims (
exp,iat,nbf) are rendered as local dates, and a badge tells you whether the token is valid, expired, or not yet valid.
Privacy & safety
Decoding happens entirely in your browser — the token never touches a server. This tool decodes only; it does not verify the signature, because verification requires the signing secret or public key, which you should never paste into a website.
