Code Tool
JWT Decoder
Decode JSON Web Tokens to inspect headers, payload claims, signature presence and token timing for development and debugging.
Decode a JWT
Paste a JSON Web Token to decode the header, payload and signature locally in your browser.
This token does not appear expired. Expires at May 18, 2033, 3:33:19 AM.
Your JWT is decoded in your browser and is not uploaded.
Decoded token
Review the decoded header, payload claims, signature and timing values.
Header
Algorithm: HS256. Token type: JWT.
{
"alg": "HS256",
"typ": "JWT"
}Payload
Expires: May 18, 2033, 3:33:19 AM · Issued at: Jun 1, 2024, 12:00:00 AM · Not before: Jun 1, 2024, 12:00:00 AM · Status: does not appear expired
{
"name": "DevKitYard",
"role": "admin",
"iat": 1717200000,
"nbf": 1717200000,
"exp": 1999999999
}Signature
Full decoded JSON
{
"header": {
"alg": "HS256",
"typ": "JWT"
},
"payload": {
"name": "DevKitYard",
"role": "admin",
"iat": 1717200000,
"nbf": 1717200000,
"exp": 1999999999
},
"signature": "sample-signature",
"claims": {
"algorithm": "HS256",
"tokenType": "JWT",
"expiresAt": "May 18, 2033, 3:33:19 AM",
"issuedAt": "Jun 1, 2024, 12:00:00 AM",
"notBefore": "Jun 1, 2024, 12:00:00 AM",
"expired": false
}
}How to Use JWT Decoder
- Paste a JWT token into the input box.
- Check whether the token has a valid JWT structure.
- Review the decoded header and payload JSON.
- Use the decoded values for development and debugging only.
FAQ
Is my JWT uploaded?
No. The decoder runs in your browser and decodes the token locally.
Does this verify JWT signatures?
No. This tool decodes the header and payload but does not verify the token signature.
Can I decode the payload as JSON?
Yes. Valid JWT header and payload sections are decoded and formatted as readable JSON.
Should I paste production tokens?
Avoid pasting sensitive production tokens into any online tool unless you fully understand the privacy and security implications.