🎫
JWT Decoder
DeveloperFree online JWT decoder. Decode JSON Web Tokens and inspect header, payload, and expiration in real time. No data sent to servers - everything stays in your browser.
0
0
JWT
Quick answers for JWT Decoder
What does the JWT Decoder show me?
The JWT Decoder splits a JSON Web Token into its three parts - header, payload, and signature - and pretty-prints the JSON so you can inspect claims like exp, iat, iss, and any custom fields.
Does the JWT Decoder verify the signature?
The JWT Decoder shows you what a token claims. Verification requires the secret or public key that issued the token and should be done server-side - never trust an unverified JWT for authorization.
Can I decode an expired JWT?
Yes. The JWT Decoder decodes any valid JWT regardless of expiry, which is useful for debugging expired-token bugs. Look at the exp claim to see when it was valid.
Is it safe to paste a JWT into the JWT Decoder?
The decoding happens in your browser, so the token is never sent to any server. That said, a JWT is a credential - if you paste a production token anywhere, rotate it when you're done.
Why is the signature garbled after decoding?
The first two segments of a JWT are base64-encoded JSON; the third is a binary signature. The JWT Decoder shows it unchanged because the raw bytes are not meant to be human-readable.