JWT Decoder & Inspection
Decode and inspect JSON Web Tokens instantly.
Privacy Note: Tokens are decoded 100% on your device (client-side). They are never sent to any server.
JWT Guide
How to Use
1. Paste JWT: Enter a full JWT (Header.Payload.Signature) in the text area.
2. Inspect Header: View the algorithm (alg) and type (typ) used for the token.
3. Inspect Payload: Find user IDs, names, and custom claims as JSON.
4. Check Expiration: View the 'exp' timestamp formatted into a readable date/time.
5. Copy JSON: One-click copy any decoded JSON part for your development work.
Formula & Logic
JWTs (JSON Web Tokens) are an open standard for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
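The decode steps listed under How to Use can be reproduced in a few lines of client-side JavaScript. This is an added example, not this tool's own code; `inspectJwt`, `b64urlToJson` and the sample token are hypothetical names and constructed data. It only decodes: the signature is never checked, so nothing it returns should be trusted for an authorization decision.

```javascript
// Added example: decode-only JWT inspection. It does NOT verify the signature.
const isObj = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

function b64urlToJson(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("segment is not base64url");
  // base64url -> base64, restoring the padding that JWTs strip
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

function inspectJwt(token, nowMs = Date.now()) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("expected Header.Payload.Signature");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  if (!isObj(header) || !isObj(payload)) throw new Error("header and payload must be JSON objects");
  const warnings = [];
  if (String(header.alg).toLowerCase() === "none") warnings.push("alg is 'none': token is unsigned");
  if (parts[2] === "") warnings.push("signature segment is empty");
  let expiresAt = null, expired = null;
  if (typeof payload.exp === "number" && Number.isFinite(payload.exp)) {
    expiresAt = new Date(payload.exp * 1000).toISOString(); // exp is seconds since the Unix epoch
    expired = nowMs >= payload.exp * 1000;
  } else if ("exp" in payload) {
    warnings.push("exp is not a numeric timestamp");
  } else {
    warnings.push("no exp claim: expiry cannot be checked");
  }
  return { header, payload, expiresAt, expired, signatureVerified: false, warnings };
}

// Constructed sample token; the third segment is filler text, not a real signature.
const enc = (obj) => btoa(JSON.stringify(obj))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE = [enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "user-123", role: "admin", exp: 1700000000 }), "c2lnbmF0dXJl"].join(".");
console.log(inspectJwt(SAMPLE));
```

The `signatureVerified: false` field is deliberate: whether a token is authentic is decided only by a server that holds the key and verifies the signature.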
Practical Applications
Authentication Debugging
Paste tokens from your browser storage to see why users are getting 'Unauthorized' errors.
Claim Verification
Quickly check user roles, scopes, or issuer (iss) claims from an authentication server.
API Integration
Ensure your backend is receiving the correct metadata when integrating with OAuth2/OIDC providers.
Frequently Asked Questions
Q. Is it safe to paste my JWT here?
Yes. Our decoder works 100% on the client side (your browser). Your token is never uploaded to our servers, ensuring your data remains private.
Q. Can I use this to forge a JWT?
No. This tool is for decoding and inspecting existing tokens. You cannot generate a valid signature for a fake token without the signing secret or private key.
Q. What is the 'exp' claim?
The 'exp' (Expiration Time) claim identifies the time after which the JWT MUST NOT be accepted for processing—usually represented as a Unix timestamp.