Zero Signup ToolsFree browser tools

Developer Tools

JWT Decoder

Decode JSON Web Tokens in your browser. Inspect header, payload, claims, and expiry. Your token is never sent to a server.

197 chars

Tokens are decoded entirely in your browser. Your JWT is never sent to a server. This tool does not verify the signature, only the structure and claim values.

Token summary

  • Algorithm

    HS256

  • Type

    JWT

  • Key ID (kid)

    (not set)

  • Signature

    32 bytes

Expiration (exp)

Valid

Valid for another 70 years

Not before (nbf)

Not present in this token

Issued at (iat)

Issued 3 years ago

Header

Algorithm and token metadata

Decoded JSON
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

Claims (data inside the token)

Decoded JSON
{
  "sub": "1234567890",
  "name": "Jane Doe",
  "iat": 1700000000,
  "exp": 4000000000,
  "role": "admin"
}

Claims breakdown

  • subSubject (whom the token refers to)

    1234567890

  • expExpiration time (Unix seconds)Valid

    4000000000

    Tue, 02 Oct 2096 07:06:40 GMT (in 70 years)

  • iatIssued at (Unix seconds)

    1700000000

    Tue, 14 Nov 2023 22:13:20 GMT (3 years ago)

  • nameCustom claim

    Jane Doe

  • roleCustom claim

    admin

Raw segments

The signature is a base64url-encoded HMAC or asymmetric signature over the header and payload. This tool does not verify it.

  • Encoded header

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

  • Encoded payload

    eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkphbmUgRG9lIiwiaWF0IjoxNzAwMDAwMDAwLCJleHAiOjQwMDAwMDAwMDAsInJvbGUiOiJhZG1pbiJ9

  • Encoded signature

    MQ7n9lEkS31VbN9hYHnH7-2tJZ8q2jqz6MDIcSsR0AY

How to use

  1. Paste a JWT into the input area, including the header, payload, and signature segments separated by dots.
  2. Read the algorithm, type, and key ID in the token summary, and check the validity status for exp, nbf, and iat.
  3. Open the Header and Payload panels to see the decoded JSON, or browse the Claims breakdown for human-readable descriptions.
  4. Use any Copy button to copy a segment, claim value, or the full decoded JSON.

About this tool

JWT Decoder splits a JSON Web Token into its three parts and decodes the header and payload from base64url into readable JSON. It surfaces the algorithm, type, key ID, and signature length, lists every registered claim (iss, sub, aud, exp, nbf, iat, jti) with a plain-English description, and shows whether the token is currently valid based on its expiration and not-before times. Custom claims are listed too. The whole tool runs in your browser, so the token you paste never leaves your device. This tool decodes structure and inspects values, it does not verify the signature, since signature verification needs the issuer's secret key or public key.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Developer

Base64 Encoder Decoder

Encode and decode Base64 with full Unicode.

Open tool

Date & Time

Unix Timestamp Converter

Convert epoch timestamps to dates and back.

Open tool

Developer

JSON Formatter

Format, minify, and validate JSON in your browser.

Open tool

All toolsDeveloper Tools