JWT Decoder – Free Online JSON Web Token Inspector
Paste a JWT to instantly see its header, payload, and all claims. Expiry and issued-at dates are displayed in human-readable format. No server, no logs.
How to Use
Paste your JWT
Paste the JWT token (starting with eyJ…) into the input field, or load the sample token.
Click Decode JWT
The header and payload are decoded instantly and displayed in formatted JSON.
Review claims
Switch between Header, Payload, and Signature tabs. Expiry status is shown at a glance.
Why Use Our Tool?
Expiry status display
Automatically detects the exp claim and shows whether the token is valid or expired.
Tabbed view
Switch cleanly between Header, Payload, and Signature with one click.
Claims reference
Built-in guide to standard JWT claims (iss, sub, aud, exp, nbf, iat, jti).
100% private
Your token never leaves your browser — no network requests, no server.
Frequently Asked Questions
Does this tool verify the JWT signature?
No. This tool only decodes the base64url-encoded header and payload. Signature verification requires the secret/private key and is intentionally not supported for security reasons.
Is my JWT token sent to a server?
No. Decoding uses base64 string operations in your browser. Your token never leaves your device.
What claims are shown?
All claims in the payload are displayed. Standard claims like exp (expiration), iat (issued at), sub (subject), and iss (issuer) are also interpreted and shown with human-readable dates.
How do I know if a token is expired?
If the token contains an exp claim, the decoder automatically compares it to the current time and displays 'Expired' or 'Valid' with a color indicator.
What JWT algorithms are supported for decoding?
Decoding works for any JWT regardless of algorithm (HS256, RS256, ES256, etc.) since it only reads the base64url-encoded parts.