JWT Decoder & Inspector
Decode and inspect JSON Web Tokens.
How to Use
Paste a JSON Web Token (JWT) into the input field and the tool will decode and display the header, payload, and signature separately. Each section is syntax-highlighted and formatted for readability. The tool also shows token expiration status and registered claim details like issuer and audience.
Common Use Cases
- Inspecting JWT claims during authentication debugging in web applications
- Verifying token expiration times to troubleshoot "token expired" errors
- Checking the algorithm and key ID in the JWT header for signature validation
- Examining scopes and permissions encoded in OAuth2 access tokens
Frequently Asked Questions
Does this tool verify the JWT signature?
The tool decodes and displays the token contents but does not verify the cryptographic signature, since that requires the secret key or public key which should not be shared in a browser tool.
Is it safe to paste JWTs into this tool?
The tool runs entirely in your browser and does not send tokens to any server. However, JWTs may contain sensitive information, so avoid using production tokens with real user data when possible.
What are the three parts of a JWT?
A JWT consists of three Base64URL-encoded parts separated by dots: the Header (algorithm and token type), the Payload (claims like user ID, expiration, and custom data), and the Signature (cryptographic verification).