Tools JWT Decoder

JWT Decoder

Decode a JSON Web Token to inspect its header and payload, read the standard claims as human dates, and optionally verify an HS256/384/512 signature. Everything runs locally in your browser — your token is never uploaded.

JSON Web Token
Header 

      

      

        

          
          Payload
        

        

      

    


    
    

      

        

          Registered claims
        

        

      


      

        

          
          Signature verification
        

        

          

          

            
            
          

          

          
Decoding never checks the signature — anyone can read a JWT's contents. Verification here is optional and only supports HMAC (HS*) algorithms.

        

      

    


  


  
  

    








  


  
  

    
About this JWT decoder

    

      
Header & payload
Base64url-decodes both segments and pretty-prints the JSON.

      
Claim dates
exp, iat and nbf are shown as readable dates with a live expiry status.

      
Optional verify
Check an HS256/384/512 signature by entering the shared secret.

      
Decode ≠ trust
A JWT is only encoded, not encrypted — never put secrets in a payload.

      
Asymmetric algs
RS/ES/PS signatures need a public key and aren't verified here.

      
Private
Your token is decoded in the browser — it's never sent to a server.

    

  


  
  

    








  




  


  
  
  

    

      

        📬 Weekly Newsletter
      

      
Stay ahead of the curve

      
Get the best programming tutorials, data analytics tips, and tool reviews delivered to your inbox every week.

      

        
        
      

      
No spam. Unsubscribe anytime.