JWT decoder
Decode a JSON Web Token's header and payload in your browser. Signatures are shown but not verified.
Runs in your browser Instant No signup, no tracking
About this tool
Paste any JWT to see its decoded header and payload as JSON, plus human-readable ISO timestamps for the standard `iat`, `exp`, and `nbf` claims. The `Bearer ` prefix is stripped automatically. **Signatures are not verified** — a decoded JWT is not a valid JWT. Verify server-side with the issuer's key before trusting anything inside. Everything runs in your browser, so pasting a live token is safe.
Example
Paste the input on the left and you will get output like this:
Sample JWT
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFkYSBMb3ZlbGFjZSIsImlhdCI6MTcwNDA2NzIwMCwiZXhwIjoxNzM1Njg5NjAwfQ.abc123
Resulting Decoded JSON
{
"header": {
"alg": "HS256",
"typ": "JWT"
},
"payload": {
"sub": "1234567890",
"name": "Ada Lovelace",
"iat": 1704067200,
"exp": 1735689600
},
"signature": "abc123",
"signatureVerified": false,
"humanTimestamps": {
"iat": "2024-01-01T00:00:00.000Z",
"exp": "2025-01-01T00:00:00.000Z"
}
}How to use JWT decoder
- Paste or type your JWT into the left pane.
- The Decoded JSON appears instantly in the right pane. Conversion runs in your browser — nothing is uploaded.
- Copy the result to your clipboard or download it as a file.
FAQ
- Does this verify the signature?
- No. Verification requires the issuer's secret or public key, which belongs on your server. This tool only decodes the base64url payload.
- Is my token uploaded anywhere?
- No. Decoding runs entirely in your browser. Open the network tab to confirm.
- Which JWT variants work?
- Any JWS-compact-serialization JWT (header.payload.signature). Encrypted JWEs are not decoded.