JWT Decoder
Decode JSON Web Tokens to inspect the header, payload, claims, signature, and expiration status.
Frequently Asked Questions
What is a JWT (JSON Web Token)?
A JWT is a compact, URL-safe token format used for authentication and authorization. It consists of three Base64URL-encoded parts: header (algorithm info), payload (claims/data), and signature (verification).
Does this tool verify JWT signatures?
No. This tool only decodes the JWT to display its contents. Signature verification requires the secret key or public key, which should never be shared with online tools for security reasons.
Can I see if my JWT is expired?
Yes. The tool checks the 'exp' (expiration) claim and clearly indicates whether the token is expired or still valid, along with the human-readable expiration date.
Is it safe to paste my JWT here?
Yes. All decoding happens entirely in your browser. The JWT never leaves your device. However, remember that JWTs are not encrypted — anyone with the token can read the payload, so avoid sharing tokens containing sensitive data.