JWT Decoder
Decode JSON Web Tokens to inspect header, payload, and expiration
Paste a JWT token above to decode it
Decodes JWT tokens locally. Signature verification requires the secret key and is not performed. All processing happens in your browser.
About JWT Decoder
Decode JSON Web Tokens (JWTs) to inspect their header, payload, and metadata without needing a secret key. JWTs are the standard token format for authentication and authorization in modern web APIs, single sign-on systems, and OAuth flows. This decoder splits the token into its three parts (header, payload, signature), shows the decoded JSON, and highlights important fields like expiration (exp), issued-at (iat), issuer (iss), and audience (aud). Bearer prefixes are stripped automatically. All decoding happens locally — your tokens are never sent to a server.
How to Use JWT Decoder
- Paste a JWT (with or without the Bearer prefix) into the input field.
- The header and payload are decoded and displayed instantly.
- Review expiration, issued-at, and other standard claims highlighted in the output.
- Copy decoded sections using the copy button.
JWT Decoder FAQ
Does this tool verify JWT signatures?
No. This tool decodes the header and payload and displays metadata. Signature verification requires the signing key, which should not be entered into a browser tool.
Can I paste tokens with Bearer prefix?
Yes. The tool automatically strips the Bearer prefix before decoding.
What JWT claims are highlighted?
Standard claims like exp (expiration), iat (issued at), nbf (not before), iss (issuer), sub (subject), and aud (audience) are identified and displayed with human-readable labels.
Is my token sent to a server?
No. All decoding happens locally in your browser. Your JWT and its contents never leave your device.
Can I decode expired tokens?
Yes. The decoder works on any valid JWT structure regardless of expiration status. It will show the expiration time so you can see when the token expired.