Online JWT decoder
A JWT (JSON Web Token) has three dot-separated Base64URL parts: header, payload and signature. This JWT decoder turns the first two into readable JSON so you can inspect claims (like sub, iss, exp) and see the exp as a human-readable time — handy for debugging auth. Everything is decoded locally.
How to use
- Paste a full JWT into the input box.
- The decoded header and payload appear below in real time.
- Check whether exp has passed and whether the claims are correct.
Important notes
- This decodes only — it does not verify the signature (that needs a secret key, which should never go into an online tool).
- The payload is readable by anyone; never put secrets in it.
- A token is like a password — be careful when sharing.