JWT Decoder

Paste a JSON Web Token to decode and inspect its header, payload, and signature.

How It Works

1

Paste your JWT

Paste the full JWT token (the three base64-encoded parts separated by dots).

2

Read the decoded sections

The header (blue), payload (purple), and signature (green) are displayed with formatted JSON.

3

Check expiration

Timestamps are converted to readable dates. Expiration status shows whether the token is still valid.

FAQ

No. Signature verification requires the secret key or public key, which this tool intentionally does not ask for. It only decodes.
Yes. Everything runs in your browser. The token is never sent to any server.
Standard claims: iss (Issuer), sub (Subject), aud (Audience), exp (Expiration), iat (Issued At), nbf (Not Before), jti (JWT ID).

Related Tools

Base64 EncoderImage to Base64Encrypt / DecryptHash Generator

Building something that handles sensitive data?

Plan your security and architecture before writing code — run a Discovery session.

Built & Maintained by Varstatt

Varstatt is a one-person product studio run by Jurij Tokarski, product engineer since 2011. These tools are free and open — no signup, no catch.