
JWT Decoder

Decode a JSON Web Token to reveal its header, payload, and signature. Browser-only, no verification.

Header
{
  "alg": "HS256"
}
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
Time claims
  • iat: 2018-01-18T01:30:22.000Z
Signature present (not verified). This tool does not verify signatures.

About JWT Decoder

A JSON Web Token (JWT) is three Base64URL-encoded parts joined by dots: header, payload, signature. This tool splits the JWT and decodes the first two as JSON so you can inspect what the token claims. It does NOT verify the signature; for that you need the signing secret or the issuer's public key. Common expiration ('exp') and issued-at ('iat') claims are displayed as human-readable dates.

When to use it

  • Inspecting an auth token from your browser's network tab
  • Debugging why a request is being rejected
  • Reading the claims in a third-party JWT
  • Checking that a token includes the expected fields

How it works

The token is split on '.'. Each of the three parts is Base64URL-decoded (Base64 with - and _ in place of + and /, and no padding). The first two parts are parsed as JSON; the third is left as raw bytes (you can't usefully inspect a signature without the key). Recognizable time claims are translated into readable dates.
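
The steps above as a small JavaScript sketch, added here as an illustration; it is not this tool's own source. The function names and the shape of the returned object are assumptions, and like the tool it only decodes and never verifies the signature.

```javascript
// Added example: decode-only JWT inspection; no signature verification.
const TIME_CLAIMS = ["exp", "iat", "nbf"]; // NumericDate claims (RFC 7519)

function base64UrlToBytes(part) {
  if (!/^[A-Za-z0-9_-]*$/.test(part) || part.length % 4 === 1) {
    throw new Error("segment is not valid unpadded Base64URL");
  }
  // Map back to the standard alphabet and restore the stripped '=' padding.
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(part.length / 4) * 4, "=");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

function decodeJsonSegment(part, label) {
  // fatal: true rejects invalid UTF-8 instead of silently substituting U+FFFD.
  const text = new TextDecoder("utf-8", { fatal: true }).decode(base64UrlToBytes(part));
  const value = JSON.parse(text);
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error(`${label} is not a JSON object`);
  }
  return value;
}

function decodeJwt(token) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  }
  const header = decodeJsonSegment(parts[0], "header");
  const payload = decodeJsonSegment(parts[1], "payload");
  const signature = base64UrlToBytes(parts[2]); // raw bytes, left uninterpreted

  const timeClaims = {}; // epoch seconds -> ISO 8601, numeric values only
  for (const name of TIME_CLAIMS) {
    const date = new Date(payload[name] * 1000);
    if (typeof payload[name] === "number" && !Number.isNaN(date.getTime())) {
      timeClaims[name] = date.toISOString();
    }
  }
  // verified is always false: these claims are unauthenticated input.
  return { header, payload, timeClaims, signatureBytes: signature.length, verified: false };
}

// The sample token from this page's Examples section.
const SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
console.log(decodeJwt(SAMPLE_TOKEN));
```

A malformed token (wrong number of parts, characters outside the Base64URL alphabet, invalid UTF-8 or non-object JSON) raises an error rather than producing partial output.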

Examples

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header: {alg: HS256}
Payload: {sub: 1234567890, name: John Doe, iat: 2018-01-18T01:30:22Z}

Frequently asked questions

Does this verify the JWT signature?
No. Signature verification requires the secret key (HS256) or the issuer's public key (RS256/ES256). Without those, all this tool can do is decode the payload. To actually trust a JWT, the receiving server must verify it with the appropriate key.
Is my token sent to a server?
No. All decoding runs in your browser. Pasting a token here is safe — but never paste a production access token into untrusted sites in general.
Why is 'iat' a number, not a date?
JWT timestamps are Unix epoch seconds (numbers) per RFC 7519. This tool also shows them as ISO 8601 dates for readability.
