How to Use
- 1
Paste your JWT token (the long string with two dots separating three parts) into the input box.
- 2
The header and payload are decoded and displayed as formatted JSON. Timestamps (iat, exp) are shown as human-readable dates.
- 3
Check the validity indicator to see if the token has expired based on the exp claim.
Frequently Asked Questions
What is a JWT? โผ
A JSON Web Token (JWT) is a compact, URL-safe token format used to represent claims between parties. It consists of three Base64Url-encoded parts separated by dots: a header, a payload, and a signature.
Can this verify the JWT signature? โผ
No. Signature verification requires the secret key or public key, which this tool does not have access to. The decoder shows the header and payload contents but cannot confirm whether the token was issued by a trusted source.
Is it safe to paste a JWT here? โผ
This tool runs entirely in your browser - your token is never sent to any server. However, never share JWTs that grant access to sensitive systems in any external tool if you are unsure. Inspect tokens in development environments only.
What claims does the payload typically contain? โผ
Common JWT claims include: sub (subject/user ID), iat (issued at timestamp), exp (expiration timestamp), aud (audience), iss (issuer), and custom application-specific claims.