Decode and inspect JSON Web Tokens instantly. View header, payload, and expiry status. Everything runs in your browser — nothing is sent to a server.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three Base64url-encoded parts separated by dots: Header.Payload.Signature.
- Header — Contains the signing algorithm (e.g., HS256, RS256) and token type.
- Payload — Contains claims like sub (subject), iat (issued at), exp (expiration), and any custom data.
- Signature — Verifies the token hasn’t been tampered with.
When to Use This
- Debugging authentication issues — check if a token is expired, who issued it, and what claims it contains.
- Inspecting tokens from OAuth providers (Google, Auth0, Firebase, etc.).
- Verifying that your backend is setting the correct claims before deploying.
Security Note
This decoder only reads the header and payload — it does not verify the signature. Never paste production tokens with sensitive data into online tools that send data to a server. This tool runs entirely in your browser.
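The decode-only behaviour described above can be reproduced locally. The following is an added example, not this tool's own code: the function names, the sample claims and the placeholder signature are all constructed for illustration. It shows that an edited payload decodes just as cleanly as the original, which is why decoded claims must not be trusted until the signature is verified.

```javascript
// Decode-only JWT inspection: reads header and payload, never checks the signature.
function b64urlDecode(segment) {
  // Base64url uses '-' and '_' and omits '=' padding; map back to standard Base64.
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected Header.Payload.Signature');
  const header = JSON.parse(b64urlDecode(parts[0]));
  const payload = JSON.parse(b64urlDecode(parts[1]));
  let expiry = 'no exp claim';
  if (typeof payload.exp === 'number') {
    // exp is seconds since the epoch; the token is expired at or after that time.
    expiry = nowSeconds >= payload.exp ? 'expired' : 'not expired';
  }
  // signatureVerified is always false: nothing here touches parts[2].
  return { header, payload, expiry, signatureVerified: false };
}

// --- Constructed sample data (not a real token) ---
const enc = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SIG = 'placeholder-signature'; // stands in for a real signature segment
const SAMPLE = [
  enc({ alg: 'HS256', typ: 'JWT' }),
  enc({ sub: 'user-123', iat: 1700000000, exp: 1700003600 }),
  SIG,
].join('.');
// Same header and signature, different payload: a decoder cannot tell the difference.
const EDITED = [
  SAMPLE.split('.')[0],
  enc({ sub: 'someone-else', iat: 1700000000, exp: 1700003600 }),
  SIG,
].join('.');

console.log(inspectJwt(SAMPLE, 1700000100));
console.log(inspectJwt(EDITED, 1700000100));
```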