JWT Decoder
Paste a JWT to see its decoded header and payload, with standard claims like expiry explained. Nothing is uploaded, signatures are never verified or checked against a secret.
Header
Payload
Common questions
Does this verify the signature?
No, and it never will. Verifying a signature needs the secret or public key the token was signed with, and typing a signing secret into a public browser tool would be a bad security practice. This only decodes the header and payload, which is all that's needed to read what's inside a JWT.
Is my token sent anywhere?
No. Decoding is just Base64URL decoding plus a JSON parse, both done entirely in your browser. Nothing about your token leaves your device.
What does the exp claim mean?
Expiration time, as a Unix timestamp. This tool converts it to a readable date and tells you whether it's already passed, so you can quickly see if a token has expired.