JWT Decoder

Paste a JWT to see its decoded header and payload, with standard claims like expiry explained. Nothing is uploaded, signatures are never verified or checked against a secret.

Header


        

Payload


        

Common questions

Does this verify the signature?

No, and it never will. Verifying a signature needs the secret or public key the token was signed with, and typing a signing secret into a public browser tool would be a bad security practice. This only decodes the header and payload, which is all that's needed to read what's inside a JWT.

Is my token sent anywhere?

No. Decoding is just Base64URL decoding plus a JSON parse, both done entirely in your browser. Nothing about your token leaves your device.

What does the exp claim mean?

Expiration time, as a Unix timestamp. This tool converts it to a readable date and tells you whether it's already passed, so you can quickly see if a token has expired.