Make Tools
🔐

JWT Decoder

Decode and inspect JSON Web Tokens (JWTs) defined in RFC 7519. A JWT consists of three Base64URL-encoded parts: header (algorithm and token type), payload (claims), and signature. This tool decodes all parts and displays the exp (expiration), iat (issued at), nbf (not before), and custom claims. Note: decoding only — signature verification requires the secret key or public key.

Frequently Asked Questions

Is my JWT sent to a server?
No. JWT decoding is performed entirely in your browser using Base64URL decoding (RFC 4648 section 5). Your token is never transmitted to any server. The tool splits the JWT on the period separator, decodes each part, and displays the JSON contents. No network requests are made during the decoding process.
Can it verify signatures?
This tool only decodes JWTs. It does not verify signatures, as that requires the secret key.
Token Expired?
If the JWT has an exp claim and current time is past it, the tool shows the token as expired.

Related Tools

{ }JSON Formatter & Validator🔐Base64 Encode & Decode#️⃣Hash Generator (MD5, SHA-256, SHA-512)

How to Use

  1. 1 Paste a JSON Web Token (JWT) into the input field.
  2. 2 The tool automatically decodes the header, payload, and shows signature status.
  3. 3 Check the expiration time (exp claim) and issued-at time (iat claim).
  4. 4 Note: this tool decodes only - it does not verify signatures.