JWT Decoder
Decode JSON Web Tokens in your browser to inspect the header and payload. See issued-at and expiry times as human dates. Signatures are not verified.
How it works
- 01Paste your JSON Web Token into the input box.
- 02The header and payload are decoded and pretty-printed automatically.
- 03Review exp, iat and nbf claims shown as readable dates.
- 04Copy the decoded header or payload for your notes.
Frequently asked questions
What is a JWT?
A JSON Web Token is a compact, URL-safe token made of three Base64url parts (header, payload and signature) separated by dots. It is commonly used for authentication and session data.
Does this verify the signature?
No. This tool only decodes the header and payload so you can read their contents. It does not verify the signature, so never trust a decoded token's claims without server-side verification.
How are the dates shown?
Standard numeric claims such as exp, iat and nbf are Unix timestamps. The tool converts them into readable local dates and flags whether the token is currently expired.
Is it safe to paste my token here?
Decoding happens entirely in your browser and nothing is uploaded. Still, treat access tokens as secrets: avoid pasting production tokens on any tool, including this one, if they are still valid.
Why can't my token be decoded?
A JWT must have three dot-separated Base64url segments. If a part is missing or the payload is not valid JSON, the tool shows an inline error explaining what went wrong.
