JWT Decoder
Header
Payload
Signature
Signature is displayed for inspection only — this tool does not verify it. Use a server-side library (e.g. jsonwebtoken, PyJWT) to validate signatures in production.
About this tool
Paste any JSON Web Token (JWT) to instantly decode its three parts — entirely in your browser. Nothing is sent to a server.
What you can see
- Header — signing algorithm (
alg), token type (typ), and any key ID (kid) - Payload — all claims, with timestamp fields (
iat,exp,nbf,auth_time) auto-converted to human-readable dates - Signature — the raw base64url-encoded signature
- Expiry status — whether the token is valid, expired, or not yet active
Common uses
- Debugging authentication issues by inspecting token claims
- Checking token expiry without writing code
- Understanding what claims an identity provider includes
- Quickly confirming the algorithm or key ID before configuring a library