Developer tools · Web Http
JWT Decoder
Decode and inspect JWT tokens in your browser. View the header, payload claims, algorithm, expiry time, and subject — no server, no logging, 100% client-side.
How it works
Decodes a JSON Web Token (JWT) without verifying the signature. Shows the header (algorithm and token type), the payload (claims such as subject, issuer, and expiry), and token metadata. The signature is not checked — this is a debugging tool only.
Step by step
- 1Split the JWT on '.' to get the three parts: header, payload, signature.
- 2Base64URL-decode the header and payload sections.
- 3Parse each as JSON and display the claims.
- 4Extract the 'exp' claim (Unix timestamp) to show the expiry time and whether the token has expired.
Examples
Decode a sample JWT
The header reveals HS256 algorithm, the payload shows sub and name claims.
Inputs
- token:
- eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Result
- header:
- { "alg": "HS256", "typ": "JWT" }
Frequently asked questions
Is it safe to paste my JWT here?▾
This tool runs entirely in your browser — no data is sent to any server. However, avoid sharing JWTs with sensitive claims (e.g., access tokens) in untrusted environments.
Does this verify the JWT signature?▾
No. This is a decoding tool for inspection and debugging. Signature verification requires the secret key or public key and should be done on your server.