JWT Decoder
Decode and inspect JWT tokens instantly. View header, payload, and signature separately. Check expiration time and claims. Free, private, browser-based.
Expires in 1638d 14h 59m (Sat, 21 Sep 2030 16:37:02 GMT)
{
"alg": "HS256",
"typ": "JWT"
}{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"exp": 1916239022
}infoSignature verification requires the secret key or public key and is not performed by this tool.
About this tool
JSON Web Tokens (JWTs) are the de-facto standard for stateless authentication and secure information exchange on the web. A JWT is composed of three Base64Url-encoded parts — a header describing the signing algorithm, a payload carrying claims such as user identity and expiration time, and a cryptographic signature that ensures the token has not been tampered with.
This decoder parses your token entirely in the browser, so sensitive tokens are never transmitted to a server. It automatically detects and converts Unix timestamps in common claims like iat, exp, and nbf into human-readable dates, and shows the real-time expiration status of the token.
infoToken Info
list_altClaims
lightbulbSecurity Note
Never share JWTs in URLs or public logs. Treat them like passwords — anyone with the token can impersonate the user until it expires. Always use HTTPS to transmit tokens.
Frequently Asked Questions
What is a JWT token?
A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three parts: a header (algorithm info), a payload (claims/data), and a signature (verification).
Can this tool verify JWT signatures?
This tool decodes and displays the JWT contents but does not verify signatures, as that requires the secret key or public key. It's designed for inspection and debugging, not validation.
Does it check if the token is expired?
Yes. If the payload contains an 'exp' (expiration) claim, the tool automatically checks whether the token has expired and displays the expiration status.