JWT Decoder
Decode JWT tokens to inspect header and payload claims.
- On your device
- No signup
Private on your device
Your information stays on your device and is not uploaded.
Decode JWT tokens to inspect header and payload claims.
Encode and sign JWTs with HS256 on your device.
Generate sample JWTs with common claims.
Format, minify, and validate JSON with optional key sorting.
Compare two JSON documents and list structural differences.
Format, minify, and validate XML with readable indentation.
Compare two XML documents and list structural differences.
Encode and decode text with Base64.
A JWT decoder reads the header and payload of a JSON Web Token without verifying signatures. Useful for debugging auth tokens locally—never paste production secrets into untrusted sites.
Decode JWT online to troubleshoot authentication issues without writing scripts. View formatted JSON for header and payload, inspect standard claims like `iat`, `exp`, and `aud`, and copy values into bug reports.
Claims like `nbf` (not before) and `exp` (expiry) are Unix timestamps—compare in UTC.
Algorithm `none` in header is a red flag in production tokens—reject such tokens in your API.
Paste the full JWT, review decoded JSON, and note clock skew if expiry seems valid but API rejects the token.
Example: decode a stale refresh token to confirm `exp` passed five minutes ago, explaining the silent logout in your SPA.
Paste a JWT (optionally with a Bearer prefix). The tool splits header, payload, and signature, Base64URL-decodes the first two segments, and pretty-prints them as JSON. Common time claims (iat, nbf, exp) are shown as timestamps. Signatures are displayed but not verified.
Decoding a JWT does not verify its signature or prove the token is valid, trusted, or unexpired. Do not paste production secrets into untrusted tools.
Your data stays on your device and is not uploaded.
These pages use the same jwt decoder with guides tailored to specific search intents.
FAQ
Paste only the token string, not the `Bearer ` prefix from Authorization headers.
This decoder handles signed JWT (JWS) format, not encrypted JWE payloads.
Output is formatted for reading. Copy claims into your app config as needed.
Page last reviewed: