Decode and inspect JSON Web Tokens. All processing happens in your browser.
Runs in your browser
Signature cannot be verified client-side. Verification requires the secret key or public key on a server.
Token Timeline
The JWT Decoder lets you instantly decode and inspect any JSON Web Token (JWT) without needing a private key. JWTs are the standard authentication token format used by REST APIs, OAuth 2.0 systems, and single sign-on (SSO) providers. They consist of three Base64URL-encoded parts - Header, Payload, and Signature - separated by dots.
Decoding a JWT reveals the claims inside: user ID, email, roles, expiration time (exp), issued-at time (iat), and any custom claims your application adds. The signature section is also decoded and displayed, though verifying it requires the secret key (which this client-side tool does not do).
Common use cases: debugging authentication issues, understanding what claims your identity provider sends, checking token expiration, and inspecting third-party API tokens during integration development.
Paste your JWT token (the full string including all three dot-separated sections) into the input. The decoder immediately splits it into Header, Payload, and Signature, decodes each section, and displays the JSON in a formatted, readable structure.
The expiry indicator shows whether the token is still valid based on the exp claim. Hover over any timestamp claim to see it converted to a human-readable date and time. Click any value to copy it.