JWT Decoder
Decode JWT tokens and inspect header, payload, and signature
⚠ Token expired at
✓ Valid until
Header
Payload
Signature (encoded)
About the JWT Decoder
JSON Web Tokens (JWTs) are a compact, URL-safe format for representing claims between two parties. They consist of three Base64URL-encoded parts — header, payload, and signature — separated by dots. This decoder splits and decodes all three parts so you can inspect the token's contents without any server-side code.
Useful for debugging authentication flows, inspecting token expiry times, checking issued-at and subject claims, and verifying that your token-generation code is producing the correct payload. Note: this tool decodes only — it does not verify the signature, so always validate tokens server-side before trusting their contents.
Frequently asked questions
Is the signature verified?
No — this tool only decodes. Verifying a signature requires the issuer's secret or public key, which never leaves your server. Use this to inspect token contents, not to authenticate them.
What are the three parts of a JWT?
Header (algorithm and token type), payload (the claims — user id, expiry, etc.), and signature (HMAC or RSA over the first two parts). They're joined by dots and Base64-URL-encoded.