JWT Decoder & Token Inspector

JWT Decoder & Inspection

Decode and inspect JSON Web Tokens instantly.

Privacy Note: This tokens are decoded 100% on your device (client-side). They are never sent to any server.

Enter a JWT to inspect

Paste a JSON Web Token on the left to view its header, payload, and claims metadata.

JWT Guide

How to Use

  1. 1Paste JWT: Enter a full JWT (Header.Payload.Signature) in the text area.
  2. 2Inspect Header: View the algorithm (alg) and type (typ) used for the token.
  3. 3Inspect Payload: Find user IDs, names, and custom claims as JSON.
  4. 4Check Expiration: View the 'exp' timestamp formatted into a readable date/time.
  5. 5Copy JSON: One-click copy any decoded JSON part for your development work.

Formula & Logic

JWTs (JSON Web Tokens) are an open standard for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Header= Algorithm and Token Type (JSON).
Payload= Data Claims and Expiration (JSON).
Signature= Hashed data verifying the token's integrity.

Practical Applications

1

Authentication Debugging

Paste tokens from your browser storage to see why users are getting 'Unauthorized' errors.

2

Claim Verification

Quickly check user roles, scopes, or issuer (iss) claims from an authentication server.

3

API Integration

Ensure your backend is receiving the correct metadata when integrating with OAuth2/OIDC providers.

Frequently Asked Questions

QIs it safe to paste my JWT here?

Yes. Our decoder works 100% on the client side (your browser). Your token is never uploaded to our servers, ensuring your data remains private.

QCan I use this to forge a JWT?

No. This tool is for decoding and inspecting existing tokens. You cannot generate a valid signature for a fake token without the private secret/key.

QWhat is the 'exp' claim?

The 'exp' (Expiration Time) claim identifies the time after which the JWT MUST NOT be accepted for processing—usually represented as a Unix timestamp.