developer
JWT Decoder
Paste any JWT token to instantly decode and inspect the header, payload and signature. Shows expiry status, issued-at time and all claims in a readable format. Saves recent tokens locally.
🟢Token valid
Expires in 95208dExpires: Nov 20, 2286, 5:46:39 PMIssued: Jan 18, 2018, 1:30:22 AMHeader
Payload
Signature
Header
"alg": "HS256""typ": "JWT"
Payload
"sub": "1234567890""name": "John Doe""iat": 1516239022// 1/18/2018, 1:30:22 AM"exp": 9999999999// 11/20/2286, 5:46:39 PM
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
⚠ Signature cannot be verified without the secret key
Claims summary
sub
1234567890
name
John Doe
iat
1/18/2018, 1:30:22 AM
exp
11/20/2286, 5:46:39 PM
Tokens saved locally
What is a JWT?
A JWT (JSON Web Token) is a compact, URL-safe token used for authentication and authorization. It consists of three base64url-encoded parts — header, payload and signature — separated by dots. The payload contains claims about the user or session.
Is it safe to paste my JWT here?
Decoding runs entirely in your browser using JavaScript. Your token is never sent to any server. However, JWTs can contain sensitive data — avoid pasting production tokens from critical systems into any online tool.