JWT decoder

Decode a JSON Web Token's header and payload in your browser. Signatures are shown but not verified.

Runs in your browser Instant No signup, no tracking

About this tool

Paste any JWT to see its decoded header and payload as JSON, plus human-readable ISO timestamps for the standard `iat`, `exp`, and `nbf` claims. The `Bearer ` prefix is stripped automatically. **Signatures are not verified** — a decoded JWT is not a valid JWT. Verify server-side with the issuer's key before trusting anything inside. Everything runs in your browser, so pasting a live token is safe.

Example

Paste the input on the left and you will get output like this:

Sample JWT

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFkYSBMb3ZlbGFjZSIsImlhdCI6MTcwNDA2NzIwMCwiZXhwIjoxNzM1Njg5NjAwfQ.abc123

Resulting Decoded JSON

{
  "header": {
    "alg": "HS256",
    "typ": "JWT"
  },
  "payload": {
    "sub": "1234567890",
    "name": "Ada Lovelace",
    "iat": 1704067200,
    "exp": 1735689600
  },
  "signature": "abc123",
  "signatureVerified": false,
  "humanTimestamps": {
    "iat": "2024-01-01T00:00:00.000Z",
    "exp": "2025-01-01T00:00:00.000Z"
  }
}

How to use JWT decoder

  1. Paste or type your JWT into the left pane.
  2. The Decoded JSON appears instantly in the right pane. Conversion runs in your browser — nothing is uploaded.
  3. Copy the result to your clipboard or download it as a file.

FAQ

Does this verify the signature?
No. Verification requires the issuer's secret or public key, which belongs on your server. This tool only decodes the base64url payload.
Is my token uploaded anywhere?
No. Decoding runs entirely in your browser. Open the network tab to confirm.
Which JWT variants work?
Any JWS-compact-serialization JWT (header.payload.signature). Encrypted JWEs are not decoded.