D DevKit

JWT Decoder

Decode JSON Web Tokens — header, payload and expiry, all in your browser.

100% client-side No upload Free · no signup
Valid, expires in 95109d
Signature: S5ZQyZ7lYf4SnYC1B1cP_2LJxV5Y5Y5Y5Y5Y5Y5Y5Y5 — signature verification is not performed in-browser by design.

What is JWT Decoder?

A JWT (JSON Web Token) is a base64url-encoded header.payload.signature triplet. This decoder splits and pretty-prints the header and payload locally so you can inspect claims and expiry.

How to use

  1. Paste your JWT.
  2. Read decoded header and payload.
  3. Check the exp / iat hints.

Frequently asked questions

Does this verify the JWT signature?

No. Signature verification needs the issuer's key. Decoding is local-only for safety.

Is my token uploaded anywhere?

No. Decoding runs in your browser. Always rotate any token you paste into web tools.

What claims should I worry about?

exp (expiry), iat (issued at), nbf (not before), iss, aud and sub — they govern token validity and intent.