JWT Decoder
Paste a JSON Web Token. See its header, payload, and signature parsed locally — no server round-trip. Expiry countdown included.
JWT
Decoding runs entirely in your browser via base64url + JSON.parse. The token is never sent anywhere.
FAQ
Is my JWT sent to a server?▼
No. Decoding happens entirely in your browser via base64url decoding of the header and payload segments. Your token never leaves the page.
Does this verify the signature?▼
No. Signature verification needs the secret/public key you trusted at sign time. We surface the algorithm and signature segment so you can verify it server-side with the right key.
What do exp / iat / nbf mean?▼
exp = expiry (Unix seconds), iat = issued-at, nbf = not-valid-before. We render each as a human-readable date and show whether the token is currently within its validity window.
Can I decode a JWE (encrypted) token too?▼
No — JWEs need the decryption key to read the payload. This tool only decodes the JOSE-signed JWS format (the common alg: HS256, RS256, ES256 etc.).
More Website Tools
OG Image Generator
Generate a 1200×630 social card from any URL — auto-pulls title and description. Drop into your og:image meta tag.
WHOIS Lookup
See a domain's registrar, registration date, expiry, status flags, and nameservers. Powered by RDAP — the modern WHOIS replacement.
DNS Propagation Checker
Query a DNS record across Cloudflare, Google, Quad9, and OpenDNS at once. See if your change has propagated.