JWT Decoder
Decode a JSON Web Token and read its claims — locally, never uploaded.
Decoded locally in your browser — your token is never uploaded. Signature is not verified.
How to use
Paste a JWT (three dot-separated parts). The header and payload are decoded instantly, with exp/iat shown as readable dates.
About this tool
Paste a JWT and instantly see its decoded header and payload, with timestamp claims (exp, iat, nbf) shown as human-readable dates and an at-a-glance expiry status. Decoding happens entirely in your browser — your token is never sent anywhere, which matters because a JWT is a credential.
What you can use JWT Decoder for
- Inspect the claims inside a JWT while debugging auth
- Check whether a token is expired and when it was issued
- Read a token's header (alg, kid) at a glance
- Decode a JWT without pasting it into an untrusted website
Frequently asked questions
Is my token sent to a server?
No. A JWT is a credential, so decoding runs entirely in your browser and the token is never uploaded.
Does it verify the signature?
No — verifying a signature requires the secret or public key. This tool decodes and displays the header and payload only.
How does it show expiry?
The exp, iat, and nbf claims are converted to readable dates, and the tool flags whether the token is currently expired.