JWT Decoder
Decode JWT tokens locally. View header, payload, claims, and expiration without sending data.
How to use JWT Decoder
- 1
Paste JWT Token
Copy and paste your JWT token into the input field. The decoding happens instantly in your browser.
- 2
Review Decoded Parts
See the color-coded sections: Header (algorithm), Payload (claims), and Signature.
- 3
Check Token Status
Look at the status badge to see if the token is Active, Expired, or Not Yet Valid.
- 4
Copy Decoded Data
Use the copy buttons to extract header or payload data as needed.
Related Tools
Regex Tester
Test and debug regular expressions with real-time matching, capture groups, and replace preview.
Cron Expression Generator
Build cron expressions visually. Get human-readable translations and next execution times.
Color Converter
Convert between HEX, RGB, HSL, CMYK and more. Includes contrast checker and palette generator.
Markdown Previewer
Live Markdown editor with GitHub Flavored Markdown support, syntax highlighting, and export options.
Frequently Asked Questions
Is my token sent to any server?
No, absolutely not. All decoding happens locally in your browser using JavaScript's built-in atob() function. Your token never leaves your device.
Does this verify the token signature?
No, this tool only decodes the token for readability. It does NOT verify if the signature is valid or if the token was tampered with.
What are standard JWT claims?
iss (issuer), sub (subject), aud (audience), exp (expiration), iat (issued at), nbf (not before), and jti (JWT ID) are standard registered claims.
Why does my token show as expired?
The exp claim contains a Unix timestamp. If current time is past that timestamp, the token is expired. This is for informational purposes only.
Can I decode any JWT token?
You can decode any JWT's header and payload (they're just Base64Url encoded). The signature section can be seen but not verified without the secret key.