JWT Decoder
Decode JWT header and payload locally without verifying the signature. Inspect claims and expiry quickly.
Note: Signature is not verified. Never paste production secrets.
Claim highlights
- Issuer (iss)
- Subject (sub)
- Expires (exp)
- Not before (nbf)
- Issued at (iat)
- Audience (aud)
- Clock sanity
Security lint
- Missing exp claim.
Signature verification
Runs locally in your browser
Warning: Do not paste production secrets. Verification happens locally but secrets remain sensitive.
How to use
- Paste a JWT or load the sample; header/payload decode automatically.
- Use “Pretty print” to toggle formatting; copy header/payload or download all JSON.
- Remember: signature is not verified—never paste sensitive production tokens.
FAQ
Is decoding private?
Yes. Decoding happens in your browser; tokens are not uploaded.
Is the signature checked?
No. This tool only decodes header/payload. Do not paste sensitive tokens.
Can I export the decoded data?
Yes. Copy header/payload individually or download the combined JSON.