JWT Decoder
Paste any JWT to inspect its header, payload, and signature. Expiry timestamps are surfaced and live-checked against your clock.
- Runs in browser
- No signup
- No tracking
How to use JWT Decoder
Paste your JWT into the input box.
Header and payload appear as formatted JSON.
Check the Valid / Expired indicator.
Inspect iat and exp timestamps below the payload.
When to use it
Debugging why a token is being rejected by an API.
Inspecting the payload of a suspicious token.
Verifying iat / exp claims in tests.
Confirming the signing algorithm (HS256 vs RS256).
What it fixes
Tokens with malformed base64 padding silently failing.
Encoded payloads hidden behind a CLI wall.
No quick way to check if a token is expired without parsing it.
About JWT Decoder
JWTs are three base64url-encoded segments separated by dots: header.payload.signature. The first two contain JSON metadata you can read; the third is a binary signature.
This tool parses the segments and pretty-prints the JSON. It also detects iat (issued-at) and exp (expiry) claims, formats them as UTC, and flags expired tokens.
References: RFC 7519 — JSON Web Token · RFC 7515 — JWS
Frequently asked
Does this verify the signature?
No — this is a decoder, not a verifier. Signature verification needs the secret or public key, which Pro adds. The token is parsed and displayed, not validated.
Is my token sent anywhere?
No. Decoding runs entirely in your browser. The token never leaves the page.
What does the expiry indicator check?
It compares the exp claim (Unix seconds) against your browser's clock and labels the token Expired or Valid.
Discussion
Related tools
All toolsWord Counter
Live word, character, sentence, and reading-time counter with platform limit indicators.
Test & InspectRegex Tester
Test JavaScript regular expressions live. Match highlights, capture groups, all flags.
Test & InspectText Diff Checker
Compare two blocks of text side-by-side or unified. Ignore whitespace and case. Runs locally.
Test & Inspect