A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three parts separated by dots: a header, a payload, and a signature. JWTs are commonly used for authentication and information exchange in web applications.

JWT Decoder — Decode & Verify JSON Web Tokens

JWT Decoder

Decode & Verify JSON Web Tokens — Instantly In Your Browser

Paste a JWT to see its header, payload, and claims explained in plain English. Check expiration status at a glance, and optionally verify the signature with HMAC, RSA, or ECDSA. Everything runs in your browser — your token and keys never leave your device.

🔒 Runs entirely in your browser — your token and keys are never transmitted to any server

Quick Start:

JWT Token

Header

Payload

Signature (Not Verified)

Token Status

—

Claims

Claim	Meaning	Value

Verify Signature (Optional)

Shared Secret

All decoding and signature verification runs locally in your browser. Your token, secret, and keys are never transmitted to a server. Treat tokens and keys like passwords — avoid pasting real production secrets into any online tool.

How to Use the JWT Decoder

Paste Your JWT

Paste your JSON Web Token into the Token field, or click Load Example Token to see the tool in action right away. The token decodes automatically as you type or paste — nothing is sent anywhere.

Review the Decoded Header and Payload

The Header and Payload panels show the formatted contents of your token. The Claims table below explains each standard field — like who issued the token and when it expires — in plain English next to its actual value.

Check the Token Status

The status panel tells you instantly whether the token is Valid, Expired, or has No Expiration Set, along with a plain-English time remaining or elapsed — perfect for debugging authentication issues.

Verify the Signature (Optional)

Choose the algorithm family — HMAC, RSA, or ECDSA — then enter your shared secret or public key (PEM or JWK format) and click Verify Signature. The result tells you whether the signature matches, computed entirely on your device.

Frequently Asked Questions

What is a JWT?

Is decoding a JWT the same as verifying it?

Is my token or key sent to a server?

What signing algorithms are supported for verification?

Why does the tool say my token is expired?

Should I paste a real production token or key into this tool?

JWT Decoder

How to Use the JWT Decoder

Frequently Asked Questions

Related Tools