
JWT Decoder

210,812 runs · v1.0 · Everything below stays in your browser

Decode JWT headers, payloads, and inspect signatures. Everything happens in your browser — no server calls.


How to use

  1. Paste a JWT into the input.
  2. Decoded header and payload appear on the right.
  3. Use the 'Verify' field with your HS256 secret to check the signature.

Frequently asked

Is it safe to paste production tokens?

The tool runs entirely client-side — no network calls with your token. Still, treat tokens like credentials: don't paste them into shared machines.

Which algorithms are supported for verification?

HS256, HS384, and HS512 (HMAC). RS*/ES* verification requires the public key and is not implemented in this tool yet.

What does 'expired' mean?

The exp (expiration time) claim in the payload is earlier than the current time. Check the expiry timestamp against your machine's clock.
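The decode, HMAC verification and expiry checks described in the answers above, as an added Python example (not this tool's own code). All function names are hypothetical, and the secret and token are constructed sample values.

```python
import base64, hashlib, hmac, json, time

# Allowlist of the HMAC algorithms named in the FAQ; anything else is rejected.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(segment):
    """Decode base64url, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_jwt(token):
    """Split and decode without verifying; treat the result as untrusted input."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    return header, payload, b64url_decode(parts[2]), signing_input

def verify_hmac(token, secret):
    header, _, signature, signing_input = decode_jwt(token)
    digest = HMAC_ALGS.get(header.get("alg"))
    if digest is None:  # covers "none", RS*/ES* and unknown values
        return False
    expected = hmac.new(secret, signing_input, digest).digest()
    return hmac.compare_digest(expected, signature)  # constant-time comparison

def is_expired(payload, now=None):
    """RFC 7519: a token must not be accepted on or after its exp time."""
    exp = payload.get("exp")
    if exp is None:
        return False  # no exp claim, so nothing to compare
    return (time.time() if now is None else now) >= exp

def make_token(payload, secret, alg="HS256"):
    """Build a constructed sample token for the demo below."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), HMAC_ALGS[alg]).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    token = make_token({"sub": "alice", "exp": 1_700_000_000}, secret)
    header, payload, _, _ = decode_jwt(token)
    print(header, payload, verify_hmac(token, secret), is_expired(payload))
```

The algorithm is taken from an allowlist rather than trusted from the header, so a token declaring `none` or an asymmetric algorithm fails verification instead of being checked with the wrong primitive.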